This is a game changer for red teaming and offensive security. The guys from SpecterOps have just published GhostPack. This represents the transition from Offensive PowerShell frameworks to C# frameworks. This was much expected as blue teams are catching up on PowerShell detection/prevention controls. Moreover, red teams need “offense in depth” having different variations of their toolset based on the engagement needs.
GhostPack is a collection various C# implementations of previous PowerShell functionality, and includes six separate toolsets being released:
- Seatbelt is by far the meatiest project being released. It’s a clearinghouse of situational awareness “safety checks”.
- SharpUp is the start of a C# port of PowerUp’s privilege escalation checks.
- SharpRoast is a C# port of various PowerView’s Kerberoasting functionality.
- SharpDump is a essentially C# port of various PowerSploit’s Out-Minidump.ps1 functionality.
- SafetyKatz is a combination of SharpDump, @gentilkiwi’s Mimikatz project, and @subtee’s .NET PE loader.
- SharpWMI is a simple C# wrapper for various WMI functionality.
Happy testing and updating your controls ;)