
Acknowledgements


Last updated 4 years ago

Seatbelt incorporates various collection items, C# code snippets, and bits of PoCs found throughout research for its capabilities. These ideas, snippets, and authors are highlighted in the appropriate locations in the source code, and include:

  • @andrewchiles' HostEnum.ps1 script and @tifkin_'s Get-HostProfile.ps1 provided inspiration for many of the artifacts to collect.

  • Boboes' code concerning NetLocalGroupGetMembers

  • ambyte's code for converting a mapped drive letter to a network path

  • Igor Korkhov's code to retrieve current token group information

  • RobSiklos' snippet to determine if a host is a virtual machine

  • JGU's snippet on file/folder ACL right comparison

  • Rod Stephens' pattern for recursive file enumeration

  • SwDevMan81's snippet for enumerating current token privileges

  • Jared Atkinson's PowerShell work on Kerberos ticket caches

  • darkmatter08's Kerberos C# snippet

  • Numerous PInvoke.net samples <3

  • Jared Hill's awesome CodeProject to use Local Security Authority to Enumerate User Sessions

  • Fred's code on querying the ARP cache

  • ShuggyCoUk's snippet on querying the TCP connection table

  • yizhang82's example of using reflection to interact with COM objects through C#

  • @djhohnstein's SharpWeb project

  • @djhohnstein's EventLogParser project

  • @cmaddalena's SharpCloud project, BSD 3-Clause

  • @_RastaMouse's Watson project, GPL License

  • @_RastaMouse's Work on AppLocker enumeration

  • @peewpw's Invoke-WCMDump project, GPL License

  • TrustedSec's HoneyBadger project, BSD 3-Clause

  • CENTRAL Solutions's Audit User Rights Assignment Project, No license

  • Collection ideas inspired from @ukstufus's Reconerator

  • Office MRU locations and timestamp parsing information from Dustin Hurlbut's paper Microsoft Office 2007, 2010 - Registry Artifacts

  • The Windows Commands list, used for sensitive regex construction

  • Ryan Ries' code for enumerating mapped RPC endpoints

  • Chris Haas' post on EnumerateSecurityPackages()

  • darkoperator's work on the HoneyBadger project

  • @airzero24's work on WMI Registry enumeration

  • Alexandru's answer on RegistryKey.OpenBaseKey alternatives

  • Tomas Vera's post on JavaScriptSerializer

  • Marc Gravell's note on recursively listing files/folders

  • @mattifestation's Sysmon rule parser

  • Some inspiration from spolnik's Simple.CredentialsManager project, Apache 2 license

  • This post on Credential Guard settings

  • This thread on network profile information

  • Mark McKinnon's post on decoding the DateCreated and DateLastConnected SSID values

  • This Specops post on group policy caching

  • sa_ddam213's StackOverflow post on enumerating items in the Recycle Bin

  • Kirill Osenkov's code for managed assembly detection

  • The Mono project for the SecBuffer/SecBufferDesc classes

  • Elad Shamir and his Internal-Monologue project, Vincent Le Toux for his DetectPasswordViaNTLMInFlow project, and Lee Christensen for this GetNTLMChallenge project. All of these served as inspiration in the SecPackageCreds command.

  • @leftp and @eksperience's Gopher project for inspiration for the FileZilla and SuperPutty commands

  • @funoverip for the original McAfee SiteList.xml decryption code

We've tried to do our due diligence for citations, but if we've left someone/something out, please let us know!