RID-Hijacking
Privilege Hijacking
A Windows persistence technique using PowerShell to hijack user privileges by modifying security attributes of an existing account.
Windows RID Hijacking persistence technique
166 stars
12 watching
43 forks
Language: PowerShell
last commit: 3 months ago

Related projects:

| Repository | Description | Stars |
|---|---|---|
| | A PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts by scanning for various persistence techniques. | 310 |
| | Scans for and identifies malicious system modifications | 704 |
| | A tool that utilizes an old driver to bypass user-mode access controls and inject malicious code into processes | 329 |
| | A post exploitation framework designed to assist in persistence, reconnaissance, and privilege escalation on Linux systems | 543 |
| | A proof-of-concept Windows kernel-mode rootkit designed to demonstrate legitimate communication channel exploitation for remote control. | 685 |
| | A tool for triaging and hunting Windows persistence mechanisms, providing forensic insights into system activity. | 143 |
| | A tool providing a reverse shell connection through HTTP/S protocol with evasion techniques | 599 |
| | Tools to exploit remote desktop sessions using NTLM and Kerberos authentication | 62 |
| | A safer alternative to rm with features like file backup and undo functionality | 1,453 |
| | A PowerShell script that audits Windows Workstations or Servers to ensure security and compliance. | 89 |
| | Demonstrates various persistence methods used by malware | 219 |
| | A tool that exploits vulnerabilities in Sixnet RTUs to gain root-level access | 16 |
| | Provides tools to detect and enumerate autorun entries and their associated files on Windows systems. | 258 |
| | An implementation of a proof-of-concept attack exploiting a vulnerability in Diffie-Hellman key exchange for denial-of-service | 187 |
| | Automated tool for forensic analysis of Windows memory dumps | 555 |