Pinned Repositories
Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
ClamAVscan
Utilizing ClamAV, automatically scan a USB drive for viruses or malware once it is mounted to a Raspberry Pi or Linux device.
Domain-Seek-And-Remove-Files
PowerShell framework to find and remove files by name on a Windows Active Directory domain. This script was built to clean up vulnerable executables and utilities by name across a domain.
Force-Reset-LAPS
PowerShell script to force reset LAPS passwords across a domain by specifying one or more OUs. New values update at next Group Policy Enforcement.
Get-LocalMembership-Domain
PowerShell script to query local group membership on domain-joined computers. Great for identifying a baseline, maintenance, and Incident Response.
Hash-Huntress
PowerShell framework to detect the existence of files matching SHA-256 hashes provided to the framework, located in file path(s) provided to the framework, using WindowsRM. This tool was built to be a flexible framework that can be tailored to fit many situations.
MicrosoftActiveDirectoryModule
MicrosoftActiveDirectory PowerShell Module
Perform-ResetNotify
Incident Response tool to reset the password of one or more users and send a notification email to the manager listed in AD, as well as the helpdesk and any other parties. A second email, containing the password for first logon, is sent to the manager and the same audience using Office Message Encryption.
Presentations
Slide decks from presentations
SafetyKatz
SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader.
crash0ver1d3's Repositories
crash0ver1d3/Hash-Huntress
PowerShell framework to detect the existence of files matching SHA-256 hashes provided to the framework, located in file path(s) provided to the framework, using WindowsRM. This tool was built to be a flexible framework that can be tailored to fit many situations.
crash0ver1d3/Get-LocalMembership-Domain
PowerShell script to query local group membership on domain-joined computers. Great for identifying a baseline, maintenance, and Incident Response.
crash0ver1d3/ClamAVscan
Utilizing ClamAV, automatically scan a USB drive for viruses or malware once it is mounted to a Raspberry Pi or Linux device.
crash0ver1d3/Force-Reset-LAPS
PowerShell script to force reset LAPS passwords across a domain by specifying one or more OUs. New values update at next Group Policy Enforcement.
crash0ver1d3/Presentations
Slide decks from presentations
crash0ver1d3/Domain-Seek-And-Remove-Files
PowerShell framework to find and remove files by name on a Windows Active Directory domain. This script was built to clean up vulnerable executables and utilities by name across a domain.
crash0ver1d3/MicrosoftActiveDirectoryModule
MicrosoftActiveDirectory PowerShell Module
crash0ver1d3/Perform-ResetNotify
Incident Response tool to reset the password of one or more users and send a notification email to the manager listed in AD, as well as the helpdesk and any other parties. A second email, containing the password for first logon, is sent to the manager and the same audience using Office Message Encryption.
crash0ver1d3/ad-honeypot-autodeploy
Fully automatically deploy a small, intentionally insecure, vulnerable Windows domain for use as an RDP honeypot.
crash0ver1d3/DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
crash0ver1d3/DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCK OUT ACCOUNTS!
crash0ver1d3/Mitigate
Machine Interrogation To Identify Gaps & Techniques for Execution
crash0ver1d3/mitre-assistant
A more flexible & useful ATT&CK client
crash0ver1d3/Signal-TLS-Proxy
crash0ver1d3/Sparrow
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possibly compromised accounts and applications in the Azure/M365 environment.
crash0ver1d3/threat-tools
Tools for simulating threats
crash0ver1d3/ValidateADObjectCheckIn
Utility to identify AD Member servers by LastLogonDate, using a TimeObject that you define.
crash0ver1d3/Apollo
A .NET Framework 4.0 Windows Agent
crash0ver1d3/awesome-flipperzero
🐬 A collection of awesome resources for the Flipper Zero device.
crash0ver1d3/CSS-Exchange
Exchange Server support tools and scripts
crash0ver1d3/dnSpy
.NET debugger and assembly editor
crash0ver1d3/DO-LAB
crash0ver1d3/mass_triage_tools
Mass Triage Tools
crash0ver1d3/MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
crash0ver1d3/onedrive_user_enum
Pentest tool to enumerate valid OneDrive users
crash0ver1d3/Responder
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
crash0ver1d3/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
crash0ver1d3/SharpWMI
SharpWMI is a C# implementation of various WMI functionality.
crash0ver1d3/velociraptor
Digging Deeper....
crash0ver1d3/WIN-FOR
Windows Forensics Environment Builder