The DDE attack with PowerShell Empire weaponizes a Word document with a PowerShell Empire-based payload, leveraging the Microsoft DDE exploit to execute code in MS Word and other Microsoft products. For more information, refer to the original research at https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

To execute this attack, ensure you have set up an Empire listener.
SIMILAR TOOLS
A quick and dirty dynamic redirect.rules generator for penetration testers and security professionals.
A powerful tool for extracting passwords and performing various Windows security operations.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
Collection of penetration testing scripts for AWS with a focus on reconnaissance.
An open-source intelligence collection, research, and artifact management tool inspired by SpiderFoot, Harpoon, and DataSploit.
Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Local pentest lab using docker compose to spin up victim and attacker services.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.