3 个仓库
Execution of arbitrary commands using Windows Management Instrumentation to create process instances.
Distinct from Command Execution Interfaces: Candidates refer to general application command interfaces or architectural engines, not the specific abuse of WMI for command execution.
Explore 3 awesome GitHub repositories matching security & cryptography · WMI-Based Command Execution. Refine with filters or upvote what's useful.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Enables running arbitrary commands by creating process instances through the Windows Management Instrumentation interface.
openvas-scanner 是一个漏洞扫描器,旨在识别目标系统中的安全弱点和过时软件。它通过执行安全测试和网络攻击脚本进行网络漏洞扫描,并通过对已安装软件进行静态版本检查来执行本地安全审计。 该项目利用社区管理的源(feeds)来同步和更新本地安全定义和漏洞测试。这些测试和扫描配置通过容器镜像或手动传输加载到系统中,并存储在持久化关系型数据库中,以便进行长期跟踪和报告。 该系统包含一个可以使用容器编排部署的管理栈。通过 Web 管理仪表板、专用命令行工具以及各种远程过程接口(包括基于 XML 的 API 和用于 Windows 系统远程进程执行的 WMI)提供管理控制。 安全和访问通过基于角色的访问控制(RBAC)、密码策略强制执行以及 Web 界面的 TLS 加密进行管理。该扫描器还具有异步任务调度功能以自动化安全审计,并支持通过 SMTP 发送电子邮件通知以进行安全警报。
Connects to Microsoft Windows systems via the Management Instrumentation API to execute remote processes during security checks.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Executes system queries and commands on a remote Windows machine using management instrumentation.