ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods. GitHub: https://github.com/nettitude/ETWHash Microsoft ETW (Event [...]
Introducing Aladdin, a new tool and technique for red teamers to bypass misconfigured Windows Defender Application Control (WDAC) and AppLocker. Aladdin exploits a deserialisation issue over .NET remoting in order to execute code [...]
Red team operators need detailed and accurate C2 report output in order to conduct high quality work. Consequently, reporting has always been a key element of PoshC2. With this update, PoshC2s reporting engine [...]
There have been some big improvements and new features added to PoshC2 and we're excited to announce the release of PoshC2 v7.0. More and more people have started contributing to the project and [...]
As a counterpart to the release of PoshC2 version 6.0 we are providing a list of some of its Indicators of Compromise (IoCs), particularly as used out-of-the-box, as well as some other effective methods [...]
We are pleased to release the latest version of PoshC2 - v6.0. Version 6.0 includes a number of significant and exciting features, in addition to the usual plethora of bug fixes and small [...]
This post describes a new capability that has been deployed within PoshC2, which is designed to assist with revealing a wider set of target environment variables at the dropper stage, as part of [...]