Share Some Tools

Share some tools you think others will find interesting or useful!

Magic Wormhole

Pretty cool little tool to use to get things from one computer to another, safely.

DeepBlue CLI by Eric Conrad

Very easy to use PowerShell tool to review logs and audit. Some very cool features that will detect PowerShell commands that were obfuscated in Metasploit or other advanced methods.

  • Suspicious account behavior
      • User creation
      • User added to local/global/universal groups
      • Password guessing (multiple logon failures, one account)
      • Password spraying via failed logon (multiple logon failures, multiple accounts)
      • Password spraying via explicit credentials
      • Bloodhound (admin privileges assigned to the same account with multiple Security IDs)
  • Command line/Sysmon/PowerShell auditing
      • Long command lines
      • Regex searches
      • Obfuscated commands
      • PowerShell launched via WMIC or PsExec
      • PowerShell Net.WebClient Downloadstring
      • Compressed/Base64 encoded commands (with automatic decompression/decoding)
      • Unsigned EXEs or DLLs
  • Service auditing
      • Suspicious service creation
      • Service creation errors
      • Stopping/starting the Windows Event Log service (potential event log manipulation)
  • Mimikatz
      • lsadump::sam
  • EMET & Applocker Blocks

…and more

A great video presenting DeepBlue CLI by Eric Conrad