9.8. Operating System Persistence

9.8.1. Windows

9.8.1.1. Credential Acquisition

  • mimikatz

  • RdpThief Extracting Clear Text Passwords from mstsc.exe using API Hooking

  • quarkspwdump Dump various types of Windows credentials without injecting in any process

  • SharpDump C# port of PowerSploit’s Out-Minidump.ps1 functionality

9.8.1.2. Privilege Escalation

  • WindowsExploits

  • GTFOBins Curated list of Unix binaries that can be exploited to bypass system security restrictions

  • JAWS Just Another Windows (Enum) Script

9.8.1.3. UAC Bypass

9.8.1.4. Hiding

  • ProcessHider Post-exploitation tool for hiding processes from monitoring applications

9.8.2. Linux

9.8.2.1. Privilege Escalation

9.8.3. General

9.8.3.1. Credential Acquisition

  • sshLooterC program to steal passwords from ssh

  • keychaindump A proof-of-concept tool for reading OS X keychain passwords

  • LaZagne Credentials recovery project

9.8.3.2. Privilege Escalation

  • BeRoot Privilege Escalation Project - Windows / Linux / Mac

9.8.3.3. RAT

9.8.3.5. Log Clearing

  • Log killer Clear all logs in [linux/windows] servers

9.8.3.6. Botnet

  • byob Build Your Own Botnet