Branch | Version |
---|---|
Master | v0.1.0 |
A C# toolset that helps offensive operators triage, assess and make intelligent decisions. It gives operators access to toolsets that can be integrated into other projects and workflows throughout a Red Team engagement, Pentest or host investigation. We built this toolset over a period of a few days, hence the tool prefix of "Hasty".
Name | Twitter Handle |
---|---|
Alexander Rymdeko-Harvey | @killswitch-GUI |
Scottie Austin | @CheckyMander |
All releases can be found on GitHub. We include a compiled set of binaries that may be used for testing and analysis, although it may be worth compiling them yourself :)
Releases can be found here: https://github.com/obscuritylabs/HastySeries/releases
All releases contain:
- Debug Builds
- Release Builds
- Accompanied Strings
All binaries in HastySeries are built targeting .NET 3.5, for Windows 7+ support. The following build environment should be used:
- Windows 10 - 1803
- Visual Studio 2017-2019
- .NET 3.5
```
choco install sysinternals
```
or have `strings` from SysInternals in your current path.
All HastySeries compiled binaries can be found on the GitHub page with the most recent releases. NOTE: these have many static signatures; don't drop them to disk unless you are sure they are cleared via PSP testing.
One major change to the assembly namespace is the naming convention: all projects have been moved to the Action namespace.
All PDB settings have been disabled for Release builds.
To prevent some basic string matching, some basic precautions were taken. Of course, this is an example; if OpSec is of utmost concern, change the static key and use the HastyFixup string fixup project to build new strings before re-compiling.
- All strings are XOR'd with a static key
- All strings are then encoded with Base64
- Strings are decoded at execution
- Strings are XOR'd with static key
- String is presented to console
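For an analyst triaging a suspect binary, the weakness of this scheme is that every string shares one static key, so pooling the decoded strings recovers it. The sketch below is an added example, not HastySeries code; it assumes a short repeating key that restarts at offset 0 for each string and ASCII plaintext, and all function names and sample messages are constructed.

```python
import base64
import re

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]+={0,2}")
TEXTY = frozenset(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ ")

def xor(data, key):
    # Assumption: the key restarts at offset 0 for every string.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def b64_blobs(strings_output):
    """Decode whole tokens that are well-formed Base64 (length a multiple of 4)."""
    tokens = [t for t in strings_output.split()
              if len(t) >= 12 and len(t) % 4 == 0 and B64_TOKEN.fullmatch(t)]
    return [base64.b64decode(t) for t in tokens]

def recover_key(blobs, keylen):
    """Per key position, pick the byte that turns most pooled bytes into letters/spaces."""
    key, total = bytearray(), 0
    for j in range(keylen):
        column = b"".join(blob[j::keylen] for blob in blobs)
        hits = lambda k: sum((b ^ k) in TEXTY for b in column)
        best = max(range(256), key=hits)
        key.append(best)
        total += hits(best)
    return bytes(key), total

def triage(strings_output, max_keylen=4):
    """Return (key, decoded strings); max() keeps the shortest key among equal scores."""
    blobs = b64_blobs(strings_output)
    key, _ = max((recover_key(blobs, n) for n in range(1, max_keylen + 1)),
                 key=lambda result: result[1])
    return key, [xor(b, key).decode("ascii", "replace") for b in blobs]

def constructed_sample(key):
    """Constructed `strings` output: made-up messages, XOR'd then Base64'd as listed above."""
    plain = [b"Usage: tool.exe target host", b"Enter the target address now",
             b"Request timed out for host"]
    encoded = [base64.b64encode(xor(p, key)).decode() for p in plain]
    return "\n".join(["mscoree.dll", *encoded, "_CorExeMain"])

if __name__ == "__main__":
    key, texts = triage(constructed_sample(b"\x5a\xc3"))
    print(key.hex(), texts)
```

Ordinary identifiers whose length is a multiple of four also pass the Base64 filter, so on real `strings` output confirm that the decoded text is readable before trusting the recovered key.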
Tool Code Name | Type | .NET Framework | Usage/README |
---|---|---|---|
HastyArp | ENUMERATION | 3.5 | README.md |
HastyDrives | ENUMERATION | 3.5 | README.md |
HastyDump | COLLECTION | 3.5 | README.md |
HastyFixup | OPSEC | 3.5 | README.md |
HastyLogging | SA | 3.5 | README.md |
HastyNslookup | ENUMERATION | 3.5 | README.md |
HastyPing | ENUMERATION | 3.5 | README.md |
HastyShellcode | EXECUTION | 3.5 | README.md |
HastyShot | COLLECTION | 3.5 | README.md |
HastyStroke | COLLECTION | 3.5 | README.md |
HastyUptime | ENUMERATION | 3.5 | README.md |
Type: ENUMERATION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform arp requests. This project uses the IpHlpApi.dll for native functionality.
Type: ENUMERATION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to list drives on the system it is executed on. This project uses the System.IO namespace to easily accomplish this.
Type: COLLECTION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform collection operations: MiniDumps of a process as well as a raw memory dump. This provides operators with multiple choices to achieve access to process memory space.
Type: OPSEC
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform OPSEC operations on the tools provided in this repo. The tools help XOR strings, PE Fixups etc.
Type: SA
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform situational awareness operations of auditing settings. This project uses a mix of built-in and native functionality.
Type: ENUMERATION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform nslookup enumeration operations. This project uses the System.Net namespace to easily accomplish this.
Type: ENUMERATION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform ping enumeration operations. This project uses the System.Net namespace to easily accomplish this.
Type: COLLECTION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform collection operations of auditing settings. This project uses a mix of built-in and native functionality.
Type: COLLECTION
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform keystroke collection operations. This project uses a mix of built-in and native functionality.
Type: SA
.NET Framework: 3.5
Usage/README: README.md
This project aims to provide a user with the ability to perform situational awareness operations of current system uptime. This project uses native functionality.