Stars
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
xforcered / BokuLoader
Forked from boku7/BokuLoaderA proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
IntelOwl: manage your Threat Intelligence at scale
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditiona…
Demos for the Blackhat USA 2022 talk "Taking Kerberos to the Next Level"
A simple program to hook the current process to identify the manual syscall executions on windows
Convert shellcode into ✨ different ✨ formats!
Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.
snovvcrash / MirrorDump
Forked from CCob/MirrorDumpAnother LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
C# Kernel Mode Driver to read and write memory in protected processes
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
Python3 terminal application that contains 405 Neo4j cyphers for BloodHound data sets and 388 GUI cyphers
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
PoC Implementation of a fully dynamic call stack spoofer
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
HardeningKitty and Windows Hardening Settings
Tools and Techniques for Red Team / Penetration Testing
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!