Pass-The-Hash Toolkit
[Pass-The-Hash Toolkit] is a toolkit that allows an adversary to "pass" a password hash (without knowing the original password) to log in to systems. (Citation: Mandiant APT1)
Mimikatz
[Mimikatz] is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many other features that make it useful for testing the security of networks. (Citation: Deply Mimikatz) (Citation: Adsecurity Mimikatz Guide)
gsecdump
[gsecdump] is a publicly-available credential dumper used to obtain password hashes and LSA secrets from Windows operating systems. (Citation: TrueSec Gsecdump)
IronNetInjector
[IronNetInjector] is a [Turla](https://attack.mitre.org/groups/G0010) toolchain that utilizes scripts from the open-source IronPython implementation of Python with a .NET injector to drop one or more payloads including [ComRAT](https://attack.mitre.org/software/S0126).(Citation: Unit 42 IronNetInjector February 2021 )
nbtstat
[nbtstat] is a utility used to troubleshoot NetBIOS name resolution. (Citation: TechNet Nbtstat)
Invoke-PSImage
[Invoke-PSImage] takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a one liner for executing either from a file of from the web. Example of usage is embedding the PowerShell code from the Invoke-Mimikatz module and embed it into an image file. By calling the image file from a macro for example, the macro will download the picture and execute
NBTscan
[NBTscan] is an open source tool that has been used by state groups to conduct internal reconnaissance within a compromised network.(Citation: Debian nbtscan Nov 2019)(Citation: SecTools nbtscan June 2003)(Citation: Symantec Waterbug Jun 2019)(Citation: FireEye APT39 Jan 2019)
LaZagne
[LaZagne] is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. [LaZagne] is publicly available on GitHub.(Citation: GitHub LaZagne Dec 2018)
Ping
[Ping] is an operating system utility commonly used to troubleshoot and verify network connections. (Citation: TechNet Ping)
cmd
[cmd] is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities. (Citation: TechNet Cmd)
Cmd.exe contains native functionality to perform many operations to interact with the system, including listing files in a directory (e.g., dir
(Citation: TechNet Dir)), deleting files (e.g., del
(Citation: TechNet Del