
New tool update

unknown 2 år sedan
förälder
incheckning
32824de934

+ 28 - 0
KIT/AddFirewallRule/README.md

@@ -0,0 +1,28 @@
+# AddFirewallRule
+Add a new inbound or outbound firewall rule using COM.
+
+>This operation requires elevated privileges. 
+
+## Arguments
+* `<direction>`: specify `in` for inbound or `out` for outbound.
+* `<port>`: specify a single port (80) or port range (80-1000).
+* `<rule name>`: specify the name of the new firewall rule.
+* `<rule group>`: specify the name of the rule group OR leave empty.
+* `<description>`: specify the description of the new rule OR leave empty.
+
+
+## Usage
+* `addfirewallrule <direction> <port> "<rule name>" "<rule group>" "<description>"`
+
+
+## Example
+* `addfirewallrule in 80 "ExampleRuleName1" "ExampleGroup1" "Test rule"`
+* `addfirewallrule out 80-1000 "ExampleRuleName2"`
+
+
+## Compile
+- 1\. Make sure Visual Studio is installed and supports C/C++.
+- 2\. Open the `x64 Native Tools Command Prompt for VS <2019/2022>` terminal.
+- 3\. Run the `bofcompile.bat` script to compile the object file. 
+- 4\. In Cobalt strike, use the script manager to load the .cna script to import the tool. 
+

+ 105 - 0
KIT/AddFirewallRule/addfirewallrule.c

@@ -0,0 +1,105 @@
+#include <stdio.h>
+#include <Windows.h>
+#include <netfw.h>
+#include "addfirewallrule.h"
+#include "beacon.h"
+
+#pragma comment(lib, "comsuppw.lib")
+#pragma comment(lib, "Ole32.lib")
+#pragma comment(lib, "OleAut32.lib")
+
+
+HRESULT AddFirewallRule(BSTR ruleName, BSTR ruleDescription, BSTR ruleGroup, NET_FW_RULE_DIRECTION direction, BSTR localPorts, LONG protocol) {
+    HRESULT hr = S_OK;
+
+    INetFwPolicy2 *pNetFwPolicy2 = NULL;
+    INetFwRules *pRules = NULL;
+    INetFwRule *pRule = NULL;
+	
+	// Initialize COM.
+    hr = OLE32$CoInitializeEx(NULL, COINIT_MULTITHREADED);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Create an instance of the firewall settings manager.
+    IID CLSIDNetFwPolicy2 = {0xe2b3c97f, 0x6ae1, 0x41ac, {0x81, 0x7a, 0xf6, 0xf9, 0x21, 0x66, 0xd7, 0xdd}};
+    IID IIDINetFwPolicy2 = {0x98325047, 0xc671, 0x4174, {0x8d, 0x81, 0xde, 0xfc, 0xd3, 0xf0, 0x31, 0x86}};
+    hr = OLE32$CoCreateInstance(&CLSIDNetFwPolicy2, NULL, CLSCTX_INPROC_SERVER, &IIDINetFwPolicy2, (void**)&pNetFwPolicy2);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Retrieve the firewall rules collection.
+    hr = pNetFwPolicy2->lpVtbl->get_Rules(pNetFwPolicy2, &pRules);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Create a new rule object.
+    IID CLSIDNetFwRule = {0x2c5bc43e, 0x3369, 0x4c33, {0xab, 0x0c, 0xbe, 0x94, 0x69, 0x67, 0x7a, 0xf4}};
+	IID IIDINetFwRule = {0xaf230d27, 0xbaba, 0x4e42, {0xac, 0xed, 0xf5, 0x24, 0xf2, 0x2c, 0xfc, 0xe2}};
+    hr = OLE32$CoCreateInstance(&CLSIDNetFwRule, NULL, CLSCTX_INPROC_SERVER, &IIDINetFwRule, (void**)&pRule);
+    if (FAILED(hr)) goto Cleanup;
+
+	pRule->lpVtbl->put_Direction(pRule, direction);
+	pRule->lpVtbl->put_Protocol(pRule, protocol);
+	pRule->lpVtbl->put_LocalPorts(pRule, localPorts);
+	pRule->lpVtbl->put_Action(pRule, NET_FW_ACTION_ALLOW);
+    pRule->lpVtbl->put_Profiles(pRule, NET_FW_PROFILE2_ALL);
+    pRule->lpVtbl->put_Name(pRule, ruleName);
+    pRule->lpVtbl->put_Description(pRule, ruleDescription);
+    pRule->lpVtbl->put_Grouping(pRule, ruleGroup);
+    pRule->lpVtbl->put_Enabled(pRule, VARIANT_TRUE);
+
+    // Add the rule.
+    hr = pRules->lpVtbl->Add(pRules, pRule);
+    if (FAILED(hr)) goto Cleanup;
+
+Cleanup:
+    if (pRule) pRule->lpVtbl->Release(pRule);
+    if (pRules) pRules->lpVtbl->Release(pRules);
+    if (pNetFwPolicy2) pNetFwPolicy2->lpVtbl->Release(pNetFwPolicy2);
+
+    OLE32$CoUninitialize();
+    return hr;
+}
+
+
+int go(char *args, int len) {
+	HRESULT hr;
+	datap parser;
+	CHAR *directionOption = "in"; //in | out
+	WCHAR *w_ruleName = "";
+    WCHAR *w_ruleDescription = "";
+    WCHAR *w_ruleGroup = "";
+    WCHAR *w_localPorts = "";
+
+	BeaconDataParse(&parser, args, len);
+	directionOption = BeaconDataExtract(&parser, NULL);
+	w_localPorts = BeaconDataExtract(&parser, NULL);
+	w_ruleName = BeaconDataExtract(&parser, NULL);
+	w_ruleGroup = BeaconDataExtract(&parser, NULL);
+	w_ruleDescription = BeaconDataExtract(&parser, NULL);
+	
+	
+	LONG protocol = NET_FW_IP_PROTOCOL_TCP;
+    BSTR ruleName = OLEAUT32$SysAllocString(w_ruleName);
+    BSTR ruleDescription = OLEAUT32$SysAllocString(w_ruleDescription);
+    BSTR ruleGroup = OLEAUT32$SysAllocString(w_ruleGroup);
+    BSTR localPorts = OLEAUT32$SysAllocString(w_localPorts);
+    
+	if(MSVCRT$strcmp(directionOption, "in") == 0) {
+		NET_FW_RULE_DIRECTION direction = NET_FW_RULE_DIR_IN;
+		hr = AddFirewallRule(ruleName, ruleDescription, ruleGroup, direction, localPorts, protocol);
+		if (SUCCEEDED(hr)) BeaconPrintf(CALLBACK_OUTPUT, "[+] Inbound firewall rule added successfully.\n");
+        else BeaconPrintf(CALLBACK_ERROR, "Add failed: 0x%08lx\n", hr);
+	} 
+	else {
+		NET_FW_RULE_DIRECTION direction = NET_FW_RULE_DIR_OUT;
+		hr = AddFirewallRule(ruleName, ruleDescription, ruleGroup, direction, localPorts, protocol);
+		if (SUCCEEDED(hr)) BeaconPrintf(CALLBACK_OUTPUT, "[+] Outbound firewall rule added successfully.\n");
+        else BeaconPrintf(CALLBACK_ERROR, "Add failed: 0x%08lx\n", hr);
+	}
+
+    OLEAUT32$SysFreeString(ruleName);
+    OLEAUT32$SysFreeString(ruleDescription);
+    OLEAUT32$SysFreeString(ruleGroup);
+    OLEAUT32$SysFreeString(localPorts);
+
+    return 0;
+}
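Review bot: When `OLE32$CoInitializeEx` fails at the top of `AddFirewallRule` (for instance with RPC_E_CHANGED_MODE when the host process already has COM initialised in a different apartment model), the `goto Cleanup` still runs `OLE32$CoUninitialize()`, pairing a failed initialise with an uninitialise the function never earned; `if (FAILED(hr)) return hr;` on that first check keeps the calls balanced, and `RemoveFirewallRule` in KIT/DelFirewallRule/delfirewallrule.c has the same shape. The nine `put_*` calls after the second `CoCreateInstance` discard their HRESULTs, so a rejected `put_LocalPorts` string does not stop `Add` from being reached and the rule is still created with whatever port state the object was left in — at least that call should be `hr = pRule->lpVtbl->put_LocalPorts(pRule, localPorts); if (FAILED(hr)) goto Cleanup;`. In `go`, `BeaconDataExtract` returns `char *` and can return NULL when a packed argument is missing, yet its results land in `WCHAR *` variables initialised with narrow `""` literals and `directionOption` goes straight into `MSVCRT$strcmp`; the type mismatches compile only because the build script passes `/W0`, and a NULL direction would be dereferenced, so guard it with `if (!directionOption) return 0;` or similar before the comparison.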

+ 53 - 0
KIT/AddFirewallRule/addfirewallrule.cna

@@ -0,0 +1,53 @@
+# author REDMED-X
+
+beacon_command_register(
+	"addfirewallrule", "Add a new inbound/outbound firewall rule.",
+	"INFO:\nAdd a new inbound/outbound firewall rule using COM.\n\n" .
+	"ARGUMENTS:\n[<direction>]: specify \"in\" for inbound or \"out\" for outbound.\n[<port>]: specify a single port (80) or port range (80-1000)\n[<rule name>]: specify the name of the new rule.\n[<rule group>]: specify the name of the rule group OR leave empty.\n[<description>]: specify the description of the new rule OR leave empty.\n\n" .
+	"USAGE:\naddfirewallrule <direction> <port> \"<rule name>\" \"<rule group>\" \"<description>\"\n\n" .
+	"EXAMPLES:\naddfirewallrule in 80 \"ExampleRuleName1\" \"ExampleGroup1\" \"Test rule\"\naddfirewallrule out 80-1000 \"ExampleRuleName2\" \n\n");
+	
+alias addfirewallrule {
+    $bid = $1;
+    $direction = $2;
+    $port = $3;
+    $name = $4;
+	$group = $5;
+	$description = $6;
+
+    if ($direction eq "") {
+        berror($bid, "Please specify one of the following rule options: in | out\n");
+        return;
+    }
+
+    if ($direction eq "in" || $direction eq "out") {
+        if ($port eq "") {
+            berror($bid, "Please specify a single port or port range.\n");
+            return;
+        }
+        if ($name eq "") {
+            berror($bid, "Please specify a name of the new firewall rule.\n");
+            return;
+        }
+    }
+    else {
+        berror($bid, "This option isn't supported. Please specify one of the following options: in | out\n");
+        return;
+    }
+	
+    # Read in the right BOF file
+    $handle = openf(script_resource("addfirewallrule.o"));
+    $data   = readb($handle, -1);
+    closef($handle);
+
+    # Pack our arguments
+    $arg_data  = bof_pack($bid, "zZZZZ", $direction, $port, $name, $group, $description);
+
+    blog($bid, "Tasked to add a new firewall rule..");
+    beacon_inline_execute($bid, $data, "go", $arg_data);
+}
+
+
+
+
+
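Review bot: `$port` is forwarded to the BOF after only the emptiness check at `if ($port eq "")`, so a value that is neither a number nor an `a-b` range reaches `put_LocalPorts` unvalidated, and that call's result is not checked on the C side. A pattern check in the alias before `bof_pack`, e.g. `if (!($port ismatch '^\d+(-\d+)?$')) { berror($bid, "Port must be a single port (80) or a range (80-1000).\n"); return; }`, rejects it on the operator side with a clear message. `$group` and `$description` may legitimately be empty per the help text, so they need no such check.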

+ 10 - 0
KIT/AddFirewallRule/addfirewallrule.h

@@ -0,0 +1,10 @@
+#include <windows.h>  
+
+//AddFirewallRule
+DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID pvReserved, DWORD dwCoInit);
+DECLSPEC_IMPORT void WINAPI OLE32$CoUninitialize(void);
+DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance (REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID *ppv);
+WINBASEAPI BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR *);
+WINBASEAPI void WINAPI OLEAUT32$SysFreeString(BSTR);
+WINBASEAPI int __cdecl MSVCRT$printf(const char * _Format,...);
+WINBASEAPI int __cdecl MSVCRT$strcmp(const char *str1, const char *str2);
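Review bot: The header has no include guard, and it declares `MSVCRT$printf`, which addfirewallrule.c never calls. Adding `#pragma once` at the top and dropping the unused declaration keeps the file to what the object actually references; KIT/DelFirewallRule/delfirewallrule.h has the same two points.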

BIN
KIT/AddFirewallRule/addfirewallrule.o


+ 69 - 0
KIT/AddFirewallRule/beacon.h

@@ -0,0 +1,69 @@
+/*
+ * Beacon Object Files (BOF)
+ * -------------------------
+ * A Beacon Object File is a light-weight post exploitation tool that runs
+ * with Beacon's inline-execute command.
+ *
+ * Additional BOF resources are available here:
+ *   - https://github.com/Cobalt-Strike/bof_template
+ *
+ * Cobalt Strike 4.x
+ * ChangeLog:
+ *    1/25/2022: updated for 4.5
+ */
+
+/* data API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} datap;
+
+DECLSPEC_IMPORT void    BeaconDataParse(datap * parser, char * buffer, int size);
+DECLSPEC_IMPORT char *  BeaconDataPtr(datap * parser, int size);
+DECLSPEC_IMPORT int     BeaconDataInt(datap * parser);
+DECLSPEC_IMPORT short   BeaconDataShort(datap * parser);
+DECLSPEC_IMPORT int     BeaconDataLength(datap * parser);
+DECLSPEC_IMPORT char *  BeaconDataExtract(datap * parser, int * size);
+
+/* format API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} formatp;
+
+DECLSPEC_IMPORT void    BeaconFormatAlloc(formatp * format, int maxsz);
+DECLSPEC_IMPORT void    BeaconFormatReset(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatAppend(formatp * format, char * text, int len);
+DECLSPEC_IMPORT void    BeaconFormatPrintf(formatp * format, char * fmt, ...);
+DECLSPEC_IMPORT char *  BeaconFormatToString(formatp * format, int * size);
+DECLSPEC_IMPORT void    BeaconFormatFree(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatInt(formatp * format, int value);
+
+/* Output Functions */
+#define CALLBACK_OUTPUT      0x0
+#define CALLBACK_OUTPUT_OEM  0x1e
+#define CALLBACK_OUTPUT_UTF8 0x20
+#define CALLBACK_ERROR       0x0d
+
+DECLSPEC_IMPORT void   BeaconOutput(int type, char * data, int len);
+DECLSPEC_IMPORT void   BeaconPrintf(int type, char * fmt, ...);
+
+
+/* Token Functions */
+DECLSPEC_IMPORT BOOL   BeaconUseToken(HANDLE token);
+DECLSPEC_IMPORT void   BeaconRevertToken();
+DECLSPEC_IMPORT BOOL   BeaconIsAdmin();
+
+/* Spawn+Inject Functions */
+DECLSPEC_IMPORT void   BeaconGetSpawnTo(BOOL x86, char * buffer, int length);
+DECLSPEC_IMPORT void   BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT void   BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT BOOL   BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo);
+DECLSPEC_IMPORT void   BeaconCleanupProcess(PROCESS_INFORMATION * pInfo);
+
+/* Utility Functions */
+DECLSPEC_IMPORT BOOL   toWideChar(char * src, wchar_t * dst, int max);

+ 5 - 0
KIT/AddFirewallRule/bofcompile.bat

@@ -0,0 +1,5 @@
+@ECHO OFF
+
+cl.exe /nologo /c /Od /MT /W0 /GS- /Tc addfirewallrule.c
+move /y addfirewallrule.obj addfirewallrule.o
+
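Review bot: The `cl.exe` line is not checked for success before `move /y`, so a failed compile leaves whatever `addfirewallrule.o` an earlier build produced in place for the .cna to load. Adding `if errorlevel 1 exit /b 1` between the two commands stops the script on a compile error. `/W0` also silences every warning, which is what hides the `char *` to `WCHAR *` assignments in addfirewallrule.c; `/W3` would surface them without changing the object file. KIT/DelFirewallRule/bofcompile.bat has the same shape.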

+ 23 - 0
KIT/DelFirewallRule/README.md

@@ -0,0 +1,23 @@
+# DelFirewallRule
+Delete a firewall rule using COM..
+
+>This operation requires elevated privileges. 
+
+## Arguments
+* `<rule name>`: the name of the firewall rule you want to delete.
+
+
+## Usage
+* `delfirewallrule "<rule name>"`
+
+
+## Example
+* `delfirewallrule "ExampleRuleName1"`
+
+
+## Compile
+- 1\. Make sure Visual Studio is installed and supports C/C++.
+- 2\. Open the `x64 Native Tools Command Prompt for VS <2019/2022>` terminal.
+- 3\. Run the `bofcompile.bat` script to compile the object file. 
+- 4\. In Cobalt strike, use the script manager to load the .cna script to import the tool. 
+

+ 69 - 0
KIT/DelFirewallRule/beacon.h

@@ -0,0 +1,69 @@
+/*
+ * Beacon Object Files (BOF)
+ * -------------------------
+ * A Beacon Object File is a light-weight post exploitation tool that runs
+ * with Beacon's inline-execute command.
+ *
+ * Additional BOF resources are available here:
+ *   - https://github.com/Cobalt-Strike/bof_template
+ *
+ * Cobalt Strike 4.x
+ * ChangeLog:
+ *    1/25/2022: updated for 4.5
+ */
+
+/* data API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} datap;
+
+DECLSPEC_IMPORT void    BeaconDataParse(datap * parser, char * buffer, int size);
+DECLSPEC_IMPORT char *  BeaconDataPtr(datap * parser, int size);
+DECLSPEC_IMPORT int     BeaconDataInt(datap * parser);
+DECLSPEC_IMPORT short   BeaconDataShort(datap * parser);
+DECLSPEC_IMPORT int     BeaconDataLength(datap * parser);
+DECLSPEC_IMPORT char *  BeaconDataExtract(datap * parser, int * size);
+
+/* format API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} formatp;
+
+DECLSPEC_IMPORT void    BeaconFormatAlloc(formatp * format, int maxsz);
+DECLSPEC_IMPORT void    BeaconFormatReset(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatAppend(formatp * format, char * text, int len);
+DECLSPEC_IMPORT void    BeaconFormatPrintf(formatp * format, char * fmt, ...);
+DECLSPEC_IMPORT char *  BeaconFormatToString(formatp * format, int * size);
+DECLSPEC_IMPORT void    BeaconFormatFree(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatInt(formatp * format, int value);
+
+/* Output Functions */
+#define CALLBACK_OUTPUT      0x0
+#define CALLBACK_OUTPUT_OEM  0x1e
+#define CALLBACK_OUTPUT_UTF8 0x20
+#define CALLBACK_ERROR       0x0d
+
+DECLSPEC_IMPORT void   BeaconOutput(int type, char * data, int len);
+DECLSPEC_IMPORT void   BeaconPrintf(int type, char * fmt, ...);
+
+
+/* Token Functions */
+DECLSPEC_IMPORT BOOL   BeaconUseToken(HANDLE token);
+DECLSPEC_IMPORT void   BeaconRevertToken();
+DECLSPEC_IMPORT BOOL   BeaconIsAdmin();
+
+/* Spawn+Inject Functions */
+DECLSPEC_IMPORT void   BeaconGetSpawnTo(BOOL x86, char * buffer, int length);
+DECLSPEC_IMPORT void   BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT void   BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT BOOL   BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo);
+DECLSPEC_IMPORT void   BeaconCleanupProcess(PROCESS_INFORMATION * pInfo);
+
+/* Utility Functions */
+DECLSPEC_IMPORT BOOL   toWideChar(char * src, wchar_t * dst, int max);

+ 4 - 0
KIT/DelFirewallRule/bofcompile.bat

@@ -0,0 +1,4 @@
+@ECHO OFF
+
+cl.exe /nologo /c /Od /MT /W0 /GS- /Tc delfirewallrule.c
+move /y delfirewallrule.obj delfirewallrule.o

+ 64 - 0
KIT/DelFirewallRule/delfirewallrule.c

@@ -0,0 +1,64 @@
+#include <stdio.h>
+#include <Windows.h>
+#include <netfw.h>
+#include "delfirewallrule.h"
+#include "beacon.h"
+
+#pragma comment(lib, "comsuppw.lib")
+#pragma comment(lib, "Ole32.lib")
+#pragma comment(lib, "OleAut32.lib")
+
+
+HRESULT RemoveFirewallRule(BSTR ruleName) {
+    HRESULT hr = S_OK;
+
+    INetFwPolicy2 *pNetFwPolicy2 = NULL;
+    INetFwRules *pRules = NULL;
+
+    // Initialize COM.
+    hr = OLE32$CoInitializeEx(NULL, COINIT_MULTITHREADED);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Create an instance of the firewall settings manager.
+    IID CLSIDNetFwPolicy2 = {0xe2b3c97f, 0x6ae1, 0x41ac, {0x81, 0x7a, 0xf6, 0xf9, 0x21, 0x66, 0xd7, 0xdd}};
+    IID IIDINetFwPolicy2 = {0x98325047, 0xc671, 0x4174, {0x8d, 0x81, 0xde, 0xfc, 0xd3, 0xf0, 0x31, 0x86}};
+    hr = OLE32$CoCreateInstance(&CLSIDNetFwPolicy2, NULL, CLSCTX_INPROC_SERVER, &IIDINetFwPolicy2, (void**)&pNetFwPolicy2);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Retrieve the firewall rules collection.
+    hr = pNetFwPolicy2->lpVtbl->get_Rules(pNetFwPolicy2, &pRules);
+    if (FAILED(hr)) goto Cleanup;
+
+    // Remove the rule.
+    hr = pRules->lpVtbl->Remove(pRules, ruleName);
+    if (FAILED(hr)) goto Cleanup;
+
+Cleanup:
+    if (pRules) pRules->lpVtbl->Release(pRules);
+    if (pNetFwPolicy2) pNetFwPolicy2->lpVtbl->Release(pNetFwPolicy2);
+
+    OLE32$CoUninitialize();
+    return hr;
+}
+
+int go(char *args, int len) {
+    HRESULT hr;
+	datap parser;
+	WCHAR *w_ruleName = "";
+
+	BeaconDataParse(&parser, args, len);
+	w_ruleName = BeaconDataExtract(&parser, NULL);
+	
+    BSTR ruleName = OLEAUT32$SysAllocString(w_ruleName);
+    
+    hr = RemoveFirewallRule(ruleName);
+    if (SUCCEEDED(hr)) {
+        BeaconPrintf(CALLBACK_OUTPUT, "[+] Firewall rule removed successfully.\n");
+    } else {
+        BeaconPrintf(CALLBACK_ERROR, "Failed to remove the firewall rule with error code: 0x%08lx\n", hr);
+    }
+
+    OLEAUT32$SysFreeString(ruleName);
+    return 0;
+}
+
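Review bot: The `if (FAILED(hr)) goto Cleanup;` after `pRules->lpVtbl->Remove` jumps to the label on the very next line, so it is a no-op and can be dropped. It is also worth verifying whether `Remove` reports S_OK when no rule with that name exists; if it does, the `[+] Firewall rule removed successfully.` message in `go` is printed for a no-op, and a preceding `pRules->lpVtbl->Item(pRules, ruleName, &pRule)` lookup would distinguish the two cases. `go` stores the `char *` from `BeaconDataExtract` in a `WCHAR *` initialised with a narrow `""`, the same mismatch as in addfirewallrule.c, and does not check for a NULL extract before `OLEAUT32$SysAllocString`.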

+ 34 - 0
KIT/DelFirewallRule/delfirewallrule.cna

@@ -0,0 +1,34 @@
+# author REDMED-X
+
+beacon_command_register(
+	"delfirewallrule", "Delete a firewall rule.",
+	"INFO:\nDelete a firewall rule using COM.\n\n" .
+	"ARGUMENTS:\n[<rule name>]: the name of the firewall rule you want to delete.\n\n" .
+	"USAGE:\ndelfirewallrule \"<rule name>\"\n\n" .
+	"EXAMPLES:\ndelfirewallrule \"ExampleRuleName1\"\n\n");
+	
+alias delfirewallrule {
+    $bid = $1;
+    $name = $2;
+	
+    if ($name eq "") {
+        berror($bid, "Please specify the name of the firewall rule you want to delete.\n");
+        return;
+    }
+	
+    # Read in the right BOF file
+    $handle = openf(script_resource("delfirewallrule.o"));
+    $data   = readb($handle, -1);
+    closef($handle);
+
+    # Pack our arguments
+    $arg_data  = bof_pack($bid, "Z", $name);
+
+    blog($bid, "Tasked to delete a new firewall rule..");
+    beacon_inline_execute($bid, $data, "go", $arg_data);
+}
+
+
+
+
+
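Review bot: The operator log line reads `Tasked to delete a new firewall rule..`, which describes an add; it should be `blog($bid, "Tasked to delete a firewall rule..");`. The alias otherwise mirrors the structure of addfirewallrule.cna.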

+ 12 - 0
KIT/DelFirewallRule/delfirewallrule.h

@@ -0,0 +1,12 @@
+#include <windows.h>  
+
+//RemoveFirewallRule
+DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID pvReserved, DWORD dwCoInit);
+DECLSPEC_IMPORT void WINAPI OLE32$CoUninitialize(void);
+DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance (REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID *ppv);
+WINBASEAPI BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR *);
+WINBASEAPI void WINAPI OLEAUT32$SysFreeString(BSTR);
+WINBASEAPI int __cdecl MSVCRT$printf(const char * _Format,...);
+
+
+

BIN
KIT/DelFirewallRule/delfirewallrule.o


+ 3 - 1
README.md

@@ -6,11 +6,13 @@ The following tools are currently in the operators' kit:
 
 |Name|Decription|
 |----|----------|
+|**[AddFirewallRule](KIT/AddFirewallRule)**|Add a new inbound/outbound firewall rule.|
 |**[AddLocalCert](KIT/AddLocalCert)**|Add a (self signed) certificate to a specific local computer certificate store.|
 |**[AddTaskScheduler](KIT/AddTaskScheduler)**|Create a scheduled task on the current- or remote host.|
 |**[BlindEventlog](KIT/BlindEventlog)**|Blind Eventlog by suspending its threads.|
 |**[CaptureNetNTLM](KIT/CaptureNetNTLM)**|Capture the NetNTLMv2 hash of the current user.|
 |**[CredPrompt](KIT/CredPrompt)**|Start persistent credential prompt in an attempt to capture user credentials.|
+|**[DelFirewallRule](KIT/DelFirewallRule)**|Delete a firewall rule.|
 |**[DelLocalCert](KIT/DelLocalCert)**|Delete a local computer certificate from a specific store.|
 |**[DelTaskScheduler](KIT/DelTaskScheduler)**|Delete a scheduled task on the current- or a remote host.|
 |**[DllEnvHijacking](KIT/DllEnvHijacking)**|BOF implementation of DLL environment hijacking published by [Wietze](https://www.wietzebeukema.nl/blog/save-the-environment-variables).|
@@ -39,4 +41,4 @@ Each individual tool has its own README file with usage information and compile
 ## Credits
 A round of virtual applause to [reenz0h](https://twitter.com/SEKTOR7net). Lots of tools in this kit are based on his code examples from the Malware Development and Windows Evasion courses. I highly recommend purchasing them!
 
-Furthermore, some code from the [CS-Situational-Awareness-BOF](https://github.com/trustedsec/CS-Situational-Awareness-BOF/blob/master/src/common/base.c) project is copied to neatly print beacon output. 
+Furthermore, some code from the [CS-Situational-Awareness-BOF](https://github.com/trustedsec/CS-Situational-Awareness-BOF/blob/master/src/common/base.c) project is used to neatly print beacon output.