Tools:
HRShell – Flask HTTP/HTTPS Reverse Shell/C2
Evil WinRM + Donut-Loader
USB Armory MKII
PyPyKatz-WASM – Parse lsass dumps in the cloud
https://shell.now.sh/
SMB2 snapshots with Impacket SMBClient
Python API wrapper for spyse.com tools
SharpDoor – termsrv.dll multiRDP patcher
Reading:
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
https://www.praetorian.com/blog/running-a-net-assembly-in-memory-with-meterpreter