https://www.htwmcl.frLatest tools and command lines added to HTWMCL - pentest cheatsheet by g0h4n.en-ushttps://www.htwmcl.fr/assets/img/htwmcl_icon.pnghttps://www.htwmcl.frhttps://www.htwmcl.fr/#Cobalt+Strikehttps://www.htwmcl.fr/#Cobalt+StrikeCobalt Strike (CS) is a threat emulation framework used by red teams to simulate realistic intrusions. It relies on a Team Server (C2 server) that operators connect to via a GUI client. Beacons are agents deployed on targets; they communicate with the team server over HTTP/S, DNS, or SMB (named pipes). Typical workflow: deploy beacon -> post-exploitation -> lateral movement -> persistence. CS is extended via kits (Artifact, Sleep Mask, Resource, Mimikatz) and Aggressor scripts (.cna). - Swissky cheat-sheet: https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/ #RedTeam #CobaltStrike #C2 https://www.htwmcl.fr/#ThreatCheck.exehttps://www.htwmcl.fr/#ThreatCheck.exeTakes a binary as input (either from a file on disk or a URL), splits it until it pinpoints that exact bytes that the target engine will flag on and prints them to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload. #Windows #Maldev #Evasion #Statichttps://www.htwmcl.fr/#CheckPlz.exehttps://www.htwmcl.fr/#CheckPlz.exeCheckPlz is an Rust adaptation of the populars ThreatCheck & GoCheck tools, designed to scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content with precision and providing comprehensive analysis, CheckPlz offers an enhanced and efficient file scanning experience. #Windows #Maldev #Evasion #Statichttps://www.htwmcl.fr/#CyberChefhttps://www.htwmcl.fr/#CyberChefCyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. #Cryptohttps://www.htwmcl.fr/#flowsinthttps://www.htwmcl.fr/#flowsintA modern platform for visual, flexible, and extensible graph-based investigations. For cybersecurity analysts and investigators. #osint