GhostPack: C# Offensive Framework

This is a game changer for red teaming and offensive security. The guys from SpecterOps have just published GhostPack. This represents the transition from Offensive PowerShell frameworks to C# frameworks. This was much expected as blue teams are catching up on PowerShell detection/prevention controls. Moreover, red teams need “offense in depth” having different variations of their toolset based on the engagement needs.

GhostPack is a collection various C# implementations of previous PowerShell functionality, and includes six separate toolsets being released:

  • Seatbelt is by far the meatiest project being released. It’s a clearinghouse of situational awareness “safety checks”.
  • SharpUp is the start of a C# port of PowerUp’s privilege escalation checks.
  • SharpRoast is a C# port of various PowerView’s Kerberoasting functionality. 
  • SharpDump is a essentially C# port of various PowerSploit’s Out-Minidump.ps1 functionality.
  • SafetyKatz is a combination of SharpDump, @gentilkiwi’s Mimikatz project, and @subtee’s .NET PE loader.
  • SharpWMI  is a simple C# wrapper for various WMI functionality.

Happy testing and updating your controls ;)




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.