操作系统持久化
========================================

Windows
----------------------------------------

凭证获取 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `mimikatz <https://github.com/gentilkiwi/mimikatz>`_
- `RdpThief <https://github.com/0x09AL/RdpThief>`_ Extracting Clear Text Passwords from mstsc.exe using API Hooking
- `quarkspwdump <https://github.com/quarkslab/quarkspwdump>`_ Dump various types of Windows credentials without injecting in any process
- `SharpDump <https://github.com/GhostPack/SharpDump>`_ C# port of PowerSploit's Out-Minidump.ps1 functionality

权限提升
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `WindowsExploits <https://github.com/abatchy17/WindowsExploits>`_
- `GTFOBins <https://github.com/GTFOBins/GTFOBins.github.io>`_ Curated list of Unix binaries that can be exploited to bypass system security restrictions
- `JAWS <https://github.com/411Hall/JAWS>`_ Just Another Windows (Enum) Script

UAC Bypass
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `WinPwnage <https://github.com/rootm0s/WinPwnage>`_ UAC bypass, Elevate, Persistence and Execution methods
- `UACME <https://github.com/hfiref0x/UACME>`_ Defeating Windows User Account Control
- `UAC Bypass In The Wild <https://github.com/sailay1996/UAC_Bypass_In_The_Wild>`_

隐藏
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `ProcessHider <https://github.com/M00nRise/ProcessHider>`_ Post-exploitation tool for hiding processes from monitoring applications

Linux
----------------------------------------

权限提升
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `linux exploit suggester <https://github.com/mzet-/linux-exploit-suggester>`_
- `LinEnum <https://github.com/rebootuser/LinEnum>`_ Scripted Local Linux Enumeration & Privilege Escalation Checks
- `AutoLocalPrivilegeEscalation <https://github.com/ngalongc/AutoLocalPrivilegeEscalation>`_

综合
----------------------------------------

凭证获取 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `sshLooterC <https://github.com/mthbernardes/sshLooterC>`_ program to steal passwords from ssh
- `keychaindump <https://github.com/juuso/keychaindump>`_ A proof-of-concept tool for reading OS X keychain passwords
- `LaZagne <https://github.com/AlessandroZ/LaZagne>`_ Credentials recovery project

权限提升
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `BeRoot <https://github.com/AlessandroZ/BeRoot>`_ Privilege Escalation Project - Windows / Linux / Mac

RAT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `QuasarRAT <https://github.com/quasar/QuasarRAT>`_

C2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `cobalt strike <https://www.cobaltstrike.com>`_
- `Empire <https://github.com/EmpireProject/Empire>`_
- `pupy <https://github.com/n1nj4sec/pupy>`_

日志清除
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Log killer <https://github.com/Rizer0/Log-killer>`_ Clear all logs in [linux/windows] servers

Botnet
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `byob <https://github.com/malwaredllc/byob>`_ Build Your Own Botnet