Search Results for "garnet-file"

This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves.

PowerCat is a compact PowerShell implementation of netcat-style networking utilities that makes it easy to create TCP/UDP clients and listeners, forward ports, and move data between sockets and files. It provides both interactive shells and single-command execution modes so operators can create bind shells, reverse shells, or simple file upload/download endpoints using only PowerShell. The tool supports encrypted connections (SSL/TLS) and can act as a basic SOCKS proxy or relay, enabling flexible pivot and tunneling workflows. PowerCat is implemented as a single, portable PowerShell script that favors minimal dependencies and is convenient to drop into a target or use from an admin workstation. ...

...Included projects cover a broad range of post-exploitation and reconnaissance needs: Kerberos tooling, host survey utilities, credential and browser data extractors, AD enumeration, privilege escalation helpers, persistence frameworks, and file/handle utilities. For convenience the repo also ships per-binary PowerShell loaders when users prefer to avoid loading the entire pack, plus helper binaries used for compression/encoding.

TigerSafe is a free open source password manager. It allows to store passwords in a file, without internet, by encrypting them with a single password. The user can then use a different password for every website he wants to use, and only has to remember a single password: the one used to encrypt/decrypt the file storing his passwords. It is highly recommended to do backups of the file storing passwords with TigerSafe, for example copy/paste it in USB flash drives, cloud drives like Google Drive, Dropbox... ...

DeepBlueCLI is a PowerShell-centric threat-hunting toolkit built to extract, normalize, and flag suspicious activity from Windows event logs and Sysmon telemetry. It parses common sources—including Windows Security, System, Application, PowerShell logs, and Sysmon event ID 1—then applies a rich set of detection heuristics for things like suspicious account changes, password guessing and spraying, service tampering, PowerShell obfuscation and download-string usage, long or unusual command...

...Designed as a compact, single-file PowerShell script, it relies on .NET imaging APIs to manipulate pixel data or metadata and to store the payload in a way that survives ordinary file transfers.

...The project includes multiple scripts/modules (Invoke-WMIExec, Invoke-SMBExec, Invoke-SMBEnum, Invoke-SMBClient, and a wrapper Invoke-TheHash) so operators can choose enumeration, file access, or command execution modes. It uses .NET’s TcpClient for direct SMB/WMI connections and performs authentication by inserting an NTLM hash into the NTLMv2 protocol flow. The module supports both local accounts and domain accounts (via domain parameter), and it accepts either LM:NTLM or pure NTLM format hashes. For command execution, it can create services on remote hosts (SMBExec style) or use WMI class methods. ...

...The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. Because the device and its payloads are powerful, the repository emphasizes responsible use—training, red-team engagements with authorization, and awareness of legal/ethical boundaries.