GreySec Red Team Tools
Documentation and operational notes for red team tooling used in GreySec engagements.
Core C2 Framework
| Tool | Purpose | Key Modules |
|---|---|---|
| Metasploit | Exploitation, pivoting | meterpreter, shell sessions |
| Covenant | .NET C2 | Grunt, pivot listeners |
| Sliver | Go-based C2 | beacons, session management |
Network Reconnaissance
| Tool | Purpose |
|---|---|
| nmap | Port scanning, service detection |
| BloodHound | AD enumeration |
| CrackMapExec | Network pentest automation |
Credential Attacks
| Tool | Purpose |
|---|---|
| Hashcat | Password cracking |
| John | Credential attacks |
| mimikatz | LSASS, credential extraction |
Lateral Movement
| Tool | Purpose |
|---|---|
| Impacket | SMB, WMI, DCOM execution |
| Evil-WinRM | WinRM shell access |
| psexec.py | Remote service execution |
Persistence
| Tool | Purpose |
|---|---|
| CrackMapExec | Admin persistence |
| mimikatz | Credential dumping |
| WCE | Windows Credentials Editor |
Exfiltration
| Tool | Purpose |
|---|---|
| Cobalt Strike | Data exfiltration |
| DNS-over-HTTPS tunnel | Covert exfil |
| Staged payloads | Encrypted channels |
Operational Security
- All tools must be run through a redirector (nginx/apache)
- Use compromised infrastructure when possible
- OPSEC-check before every action
Setup
See individual tool directories for installation and configuration.