-
Notifications
You must be signed in to change notification settings - Fork 47
Changelog
Grimmie edited this page Nov 16, 2022
·
7 revisions
Initial Release
- RegList - lists registry contents
- Timestomp - modifies file and directory timestamps
- OverrideTasks - deploys MSBuild Override task based persistence based on a payload specified
- GenericRegAdd - adds an arbitrary registry key
- RunKeys - deploys a registry run key
- PopCalc - PoC payload to test persistence, pops calc (C#)
- HelloWorld - runs a hello world script (C#)
- PSProfiles - backdoors a PowerShell profile
- registerEventFilter (WMIOps) - registers WMI event filter
- registerActiveScriptEventConsumer (WMIOps) - registers WMI ActiveScriptEventConsumer
- registerCommandLineEventConsumer (WMIOps) - registers WMI CommandLineEventConsumer
- registerIntervalTimerInstruction (WMIOps) - registers WMI IntervalTimerInstruction
- registerFilterToConsumerBinding (WMIOps) - registers WMI FilterToConsumerBinding
- shellExec (ShellOps) - executes a shell command and returns output
- ModifyKey (RegOps) - modify an existing registry key
- WMIQuery - Runs arbitrary WMI query, allows for property filtering
- Creds
- Check - tests domain credentials
- List - lists locally stored credentials
- FileRead - reads file without having to download
- ProcList - lists running processes
- SchList - lists scheduled tasks
- SvcList - lists services
- NetList - ipconfig
- Compile - compiles C# payloads to exe
- Payloads moved to
/Modules/Payloads - Payload modules now have requiresAdmin variable, allows for easy identifying modules requiring admin permissions to be set
- added
-lmflag for easier navigation