Tools

Ansible Redirector Deployment

GitHub Link Blog Post

Ansible role for quickly deploying a redirector with mod_rewrite proxy rules to an existing server.

Supports Debian and Ubuntu; tested in DigitalOcean and Azure.

See threat.tevora.com/automating-redirector-deployment-with-ansible for a blog post walking through redirectors and Ansible, with a deep dive on this role.

PowerView Aggressor Script for CobaltStrike

GitHub Link Blog Post

A user menu for @harmj0y's PowerView.
All functions listed on the PowerView about page are included, with all arguments for each function.

Each function lets the user specify whether to use PowerPick or PowerShell inside the CS beacon.

The script does not automatically run powershell-import for PowerView; you must do that manually first.

Please note this requires PowerView 2.0 (master), not 3.0 (current dev branch).

Splunk Pentest App

GitHub Link Blog Post

Tevora Splunk Penetration Testing Application.
Use it to gain code execution on any Splunk instances you have access to, gain code execution on deployment clients, and decrypt credentials stored in Splunk apps.

SecSmash

GitHub Link Blog Post

SecSmash leverages credentials to IT systems to enumerate connected hosts and send commands to those hosts.

For details on the idea behind the tool, and ways it can be used, check out the talk: https://www.youtube.com/watch?v=M6pHI-bwuB4&index=3&list=PLjpIlpOLoRNRf4qID4oeAUvhkSGfWRAnd

We are launching with Carbon Black and Tripwire integration.

Getting Started
pip install -r requirements.txt
python ./secsmash.py

The Framework
We've built an HTTP integrator that takes inputs, and extractions that generate new inputs, to drive a chain of HTTP requests to authenticate to the target system, enumerate connected hosts, and run commands.

Integrations can also be built from scratch if they match the Integrator interface.

Eternal Blue Powershell

GitHub Link Blog Post

Because EternalBlue is such a useful exploit for red teams now and into the near future, we developed a PowerShell port of the RiskSense-Ops Metasploit module. This port of the exploit is 100% PowerShell, and can be easily imported and used in Empire or Cobalt Strike shells.