Tools

CredPhish – A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS

July 29, 2021

CredPhish 1 credphish 752010

CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender’s ConfigSecurityPolicy.exe to perform arbitrary GET requests.

For a walkthrough, see the Black Hills Infosec publication.

Download CredPhish

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024

CISA

CISA: CISA Releases One Industrial Control Systems Advisory

November 15, 2024

CISA

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

November 15, 2024

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024

Original Source

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog