Vault7: CIA Hacking Tools Revealed
Assigned Spaces
Assigned Pages
- "The Cloud" Demystified
- Interesting Log/Data Locations SECRET
- Windows Configuration and Logging Storage
- Opportunistic Locks SECRET
- Windows Concepts SECRET
- Survey Modules (KB)
- Fine Dining Tool Module Lists
- Fine Dining Process, Training, and Approval empty
- Fine Dining (Case Officer Toolset) Concepts
- Duqu 2.0 Kaspersky Write-Up
- LinkedOut User Mode LPE (PEULinkedOut_x86x64) SECRET
- 12. Bonus: Capture The Flag SECRET
- 11. Issues and Documentation SECRET
- Fight Club v1.1 (Current Version) SECRET
- Munge Payload SECRET
- Error Munger SECRET
- Marble Descriptions SECRET
- Setting Up Marble Manually SECRET
- Setting Up Marble With The EDG Project Wizard SECRET
- Component Diagram and Description SECRET
- Flash Bang v1.1 (Current Version) SECRET
- Flash Bang v1.0 SECRET
- Flash Bang Supporting Documents empty
- Flash Bang Archived Versions empty
- Flash Bang SECRET
- Time Stomper SECRET
- Fight Club v1.0 SECRET
- Fight Club Supporting Documents empty
- Fight Club Archived Versions empty
- Fight Club SECRET
- Helpful Tools
- Time Stomper empty
- Munge Payload empty
- Fight Club empty
- Rain Maker v1.0 Unclassified User Guide
- Rain Maker v1.0 Developer Notes SECRET
- Rain Maker Temp User Guide
- Rain Maker v1.0 User Guide
- Rain Maker Version Archive empty
- Rain Maker v1.0 (Current Version) SECRET
- Rain Maker Supporting Documents
- Rain Maker Archived Versions
- Rain Maker SECRET
- Marble Framework Home SECRET
- Zone Alarm SECRET
- Trend Micro SECRET
- Symantec SECRET
- Rising SECRET
- Panda Security SECRET
- Norton SECRET
- Malwarebytes Anti-Malware SECRET
- EMET (Enhanced Mitigation Experience Toolkit) SECRET
- Microsoft Security Essentials SECRET
- McAfee SECRET
- Kaspersky SECRET
- GDATA SECRET
- ESET SECRET
- ClamAV SECRET
- Bitdefender SECRET
- Avira SECRET
- AVG SECRET
- Bypassing Windows User Account Control (UAC) and ways of mitigation (GreyHatHacker.net - reddit.com/r/netsec)
- Bypassing Windows User Account Control (UAC) and ways of mitigation (GreyHatHacker.net - reddit.com/r/netsec)
- UAC Bypass Articles
- Exploitation Articles
- Artillery UAC Bypass (PEUArtillery_x86x64) SECRET
- Calvary UAC Bypass (PEUCalvary_x86x64) SECRET
- Group Policy Startup Script (PSEDStartupScript_LDGR - Ledger) SECRET
- Re-signature Guidelines and Signature Documentation SECRET
- Create Process Using Temp Directory (LoadFromDisk_GHR - Gharial) SECRET
- Load Library From Disk Using Temp Directory (LoadLibraryFromDisk_CMN - Caiman) SECRET
- Inject Fire and Forget Dll From Memory Into Remote Process (InjectFireAndForgetFromMemory_HYPD - Hypodermic) SECRET
- Inject Dll From Memory Into A Remote Process (InjectLibraryFromMemory_HYPD - Hypodermic) SECRET
- Load ICE Dll In-Memory (LoadICEFromMemory_INTD - Intradermal) SECRET
- Load Fire and Forget Dll In-Memory (LoadFireAndForgetFromMemory_INTD - Intradermal) SECRET
- Load Library From Memory (LoadLibraryFromMemory_INTD - Intradermal) SECRET
- Payload Deployment Modules: In-Memory Executables
- Payload Deployment Modules: On Disk Dll Loading
- Payload Deployment Modules: In-Memory Dll Execution
- Payload Deployment Modules: On Disk Executables
- LinkedIn User Mode LPE (PEULinkedIn_x86x64) SECRET
- SandWorm INF File Install (PEUSandWorm_x86x64) SECRET
- Verify User is in the Administrator Group via Net User API (MISCIsUserInAdminGroup_NET) SECRET
- List Installed Windows Updates via WMI (MISCEnumerateUpdatesWMI_QFE) SECRET
- List Installed Window Updates on WSUS Connected Machines (MISCEnumerateUpdatesCOM_WSUS) SECRET
- List Installed Windows Updates (MISCEnumerateUpdatesCOM_OFF) SECRET
- Get User Account Control (UAC) Level (MISCUserAccountControlLevel_WIN32) SECRET
- Update Information (Windows Updates)
- UAC (User Account Control)
- MUM Files (.mum) empty
- Get File Major/Minor Version Numbers (MISCFileVersion_WIN32) SECRET
- File Information
- Create A Process Via COM Class Creation (COMLocalServerRun_SHTA - Shasta) SECRET
- Create Process And Choose A User To Run As Via The Task Scheduler (TaskSchedulerRun_SPKL - Speckled) SECRET
- Create Process Via ShellExecute (ShellExecute_CRS - Chorus) SECRET
- Create Process Using WMI (CreateProcessWMI_TIG - Tiger) SECRET
- Create Process And Pipe The Results (CreateProcessPipe_GHRN - Greenhorn) SECRET
- Create Process As Current User +Admin (CreateProcessAsUser_LEP - Leopard) SECRET
- Create Process (CreateProcess_SPF - Spadefoot) SECRET
- Payload Deployment Modules (KB)
- Use COM to Create a 32-bit Process on 64-bit Windows (MISC32Surrogate_COM) SECRET
- COM + Junction Folder User Persistence (PSDComJunction_HCLS - HighClass) SECRET
- Scheduled Task Persistence (PSEDSchedTask_TP - TrickPlay) SECRET
- Persistence Modules (KB)
- Get Current User And Domain (MISCUserAndDomain_TOK) SECRET
- User Information
- Create, Delete, and Write Registry Values (MISCCreateRegistryEntries_WIN32) SECRET
- Registry Information
- Volume to Drive Partition (MISCGetActiveDrivePartition_IOCTL) SECRET
- Drive Information
- Machine Information (Windows)
- n00b
- Kim Jong-un reappears after 40-day absence
- AED Liaison Libraries
- PIF Files (.pif) empty
- Control Panel Files (.cpl)
- Junction Folders empty
- NTFS Alternate Data Streams (ADS)
- Manifest files (.manifest) empty
- Local files (.local) empty
- Core Library (CoreLib) SECRET
- Windows Theme Files (.theme)
- Windows Library Files (.library-ms)
- Autorun.inf empty
- Desktop.ini empty
- Interesting Microsoft Files
- CLSIDs and Junction Folders (Persistence and then some) SECRET
- Component Object Model
- System Monitoring and Manipulation SECRET
- Removable Media Link File Execution (EVRemovableMediaLink_EZC - EZCheese) SECRET
- Link File Execution Utilizing .library-ms (EVLink_RVRJ - RiverJack) SECRET
- Link File Execution Utilizing Desktop.ini (EVLink_BOOM - Boomslang) SECRET
- Removable Media Link File Exploitation with Autorun.inf (EVRemovableMediaLink_LACH - Lachesis) SECRET
- Transfer Data By Appending To An Existing File (DTFile_PICT - PICTOGRAM) SECRET
- Data Transfer Via Data File (DTFile_GLPH - GLYPH) SECRET
- Transferring Data Using NTFS Alternate Data Streams (DTNtfsAds_BK - Brutal Kangaroo) SECRET
- Data Transfer Modules (KB)
- Relative Path Generation (MISCRelativePathGenerator_CUST) SECRET
- Path Manipulation
- Create Directory With Attributes and Create Parent Directories (MISCDirectoryCreator_NTV) SECRET
- Memory Searching - Naive Sequence Search (MISCMemorySearch_NSS) SECRET
- Searching
- Giraffe Link Files (MISCLinkWriter_GRF) SECRET
- Windows Shortcut Files (Link Files)
- Text File Typing - Determining Encoding (MISCTextFileTyper_ENC) SECRET
- File Typing
- Capture and Reset File State (MISCFileStateCapture_WIN) SECRET
- Windows File/Folder Manipulation
- Convert to UTF-8 (String Encoding Class - MISCStringEncoder_WIN32) SECRET
- Lock and Unlock System Volume Information (MISCFolderAccessControl_SVI) SECRET
- Miscellaneous Library SECRET
- Persistence Library SECRET
- Survey Library SECRET
- Buffers Library SECRET
- Privilege Escalation Library SECRET
- Data Transfer Library SECRET
- Modify ACL Code Snippet (System Volume Information - OSB Module)
- Windows Access Control Snippets
- Concepts: Git/Stash/Submodules
- Concepts: EDG Project Wizard
- Concepts: High Level
- Concepts and Conventions
- How-to articles
- "Obama tells ISIL - When you target Americans you will find no safe haven"
- Users of Software Applications
- String Cheese Config GUI
- Articles on Exploiting PSPs
- Articles On Bypassing PSPs
- Personal Security Products (PSPs)
- CLSIDs Windows 8.1 Enterprise x64 with Office 2013
- CLSIDs Windows 8 Enterprise x86 Office 2013
- CLSIDs Windows 7 Ultimate SP1 x64 Office 2010
- CLSIDs Windows 7 Professional x86 With Office 2010
- CLSIDs (Class IDs)
- WinDbg Cheat Sheet
- WinDbg
- Windows Debugging
- Removable Media Link File Execution (EVRemovableMediaLink_EZC - EZCheese) SECRET
- Execution Vector Modules (KB)
- Execution Vectors Library SECRET
- SweetScape Binary Template Archive
- Compound File Binary File Format Template (Microsoft Office Word)
- Link File Template
- 010 Editor
- Interesting and Useful Registry Keys
- Windows Registry Information
- Windows Registry Snippets
- Windows MAC Address Whitelisting Snippet
- Windows Network Adapter Information
- Windows Process Blacklist Snippet
- Windows Process List Snippets
- Expanding Environment Variables Windows Snippet
- Windows String Manipulation Snippets
- Create Process With WMI
- Windows Process Creation Snippets
- Windows Process Functions
- Windows Linked List Snippet
- Windows Array List Snippet SECRET
- Windows List Snippets
- Windows Code Snippets
- Shellcode Database
- Test Files
- File lists
- Shellcode
- Multiple Platforms
- Windows
- Code Sample
- test troubleshooting article
- Troubleshooting articles
- Testing A How-To Article
- How-to articles
- Tech Topics and Techniques Knowledge Base
- User #76845's Knowledge Base Home