GreySec Red Team Tools
Documentation and operational notes for red team tooling used in GreySec engagements.
Core C2 Framework
| Tool | Purpose | Key Modules |
|---|---|---|
| Metasploit | Exploitation, pivoting | meterpreter, shell sessions |
| Covenant | .NET C2 | Grunt, pivot listeners |
| Sliver | golang C2 | beacons, session management |
Network Reconnaissance
| Tool | Purpose |
|---|---|
| nmap | Port scanning, service detection |
| BloodHound | AD enumeration |
| CrackMapExec | Network pentest automation |
Credential Attacks
| Tool | Purpose |
|---|---|
| Hashcat | Password cracking |
| John | Credential attacks |
| mimikatz | LSASS, credential extraction |
Lateral Movement
| Tool | Purpose |
|---|---|
| Impacket | SMB, WMI, DCOM execution |
| Evil-WinRM | WinRM shell access |
| psexec.py | Remote service execution |
Persistence
| Tool | Purpose |
|---|---|
| CrackMapExec | Admin persistence |
| mimikatz | Credential dumping |
| WCE | Windows credential editor |
Exfiltration
| Tool | Purpose |
|---|---|
| Cobalt Strike | Data exfiltration |
| DNS-over-HTTPS tunnel | Covert exfil |
| Staged payloads | Encrypted channels |
Operational Security
- All tools must be run through a redirector (nginx/apache)
- Use compromised infrastructure when possible
- OPSEC-check before every action
Setup
See individual tool directories for installation and configuration.