From a6c3806852cc08f831c1b21150d3ca4fc2db1515 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sun, 31 Mar 2019 21:26:21 +0700
Subject: [PATCH] [Tools][Post Exploitation] paranoidninja/CarbonCopy

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 0a06f22..d652677 100644
--- a/README.md
+++ b/README.md
@@ -549,6 +549,8 @@ _return-to-libc techniques_
     - **Extension search order hijacking**: Manipulate extension search order which `.COM` has been looked for first before `.EXE` by making the actual `.EXE` disappeared and place dummy `.COM` with the same name as `.EXE` on the same directory
     - **PowerShell injection vulnerability**: Use `SyncAppvPublishingServer.exe` to execute powershell cmdlet e.g. `SyncAppvPublishingServer.exe ".; Start-Process calc.exe`
 - [Golden Ticket](https://pentestlab.blog/2018/04/09/golden-ticket/)
+- [paranoidninja/CarbonCopy](A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
+)
 - [Post Exploitation Using NetNTLM Downgrade Attacks](https://www.optiv.com/blog/post-exploitation-using-netntlm-downgrade-attacks)
 - [Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)](https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa)