This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks.
Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments.
Tools included (view whitepaper for full list of tools and usage)
CQWSLMon.exe – Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux binary executables (in ELF format) natively on Windows 10 and Windows Server 2019.
CQRegKeyLastWriteTime.exe – Allows to extract information about the datetime when the Registry Key was modified for the last time.
CQNTDSDTDecrypter.exe – Decrypts ntds.ditfileby providing appropriate Bootkey, extractspassword hashes, KDS master root keys
CQDPAPIBlobDecrypter.exe – Decrypts Blob with DPAPI.
CQDPAPIBlobSearcher.exe – Search for DPAPI blobs inside a file.
CQDPAPIEncDec.exe – Encryptsand decryptstext using DPAPI.
CQDPAPIKeePassDBDecryptor.exe – Allows to decrypt KeePass database by using DPAPI data that is possessed from the domain.
CQETWKeylogger.exe – Keylogger based on ETW(Event Tracing for Windows).It only uses features built in Windows system, so noadditional software is needed to perform the attack.
CQImpersonate.exe – This tool allows to run a command in the context of any of the authenticated users from your system. This tool requires to be run in the LOCAL_SYSTEM context
CQRegTool.exe – Registry analyzer.