DumpsterFire Toolset
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Last Wednesday, I had some down time so I decided to hunt around in System32 to see if I could find anything of potential interest. I located a few DLL files that shared an interesting export function called OpenURL: While looking for a quick win, I wanted to see if anything could be invoked without much effort. Sure enough, url.dll allowed for the execution an HTML application (.hta) using these commands: rundll32.exe url.dll,OpenURL "local\path\to\harmless.hta" rundll32.exe url.dll,OpenURLA "local\path\to\harmless.hta" After a few more functional tests across platforms, I (prematurely) posted this on Twitter, and the initial feedback was incredibly fast, educational, and humbling. On one hand, I should have went through a few more test routines to understand what was actually happening under the hood prior to posting. Conversely, it was incredible to see the instant reaction from some of the best practitioners in the field who helped triage this in what seemed like a matter of minutes. Big thanks to @subTee, @r0wdy_, and @Hexacorn for their rapid analysis! In short, the HTA was invoked using the OpenURL function, allowing for pass-thru command execution and lateral movement.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
A technique for social engineering and untrusted command execution using ClickOnce technology
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.