-
Yo.
- 127.0.0.1
- @med0x2e
-
NTLMRelay2Self
Another No-Fix LPE, NTLMRelay2Self over HTTP (WebDAV).
-
SigFlip
SigFlip is a tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
-
ExecuteAssembly
Load/inject .NET assemblies by reusing the host (spawnto) process loaded CLR AppDomainManager, stomping loader/.NET assembly PE DOS headers, unlinking .NET-related modules, bypassing ETW+AMSI, avo…
-
GadgetToJScript
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA-based scripts.
-
Scrncat
A script using OCR (pytesseract) and PIL to rename/order/group screenshots into PR/RT phases based on which RT/PT stage executed commands correspond to, and redact passwords based on common password p…
-
ICS-Security-Tools
Forked from ITI/ICS-Security-Tools. Tools, tips, tricks, and more for exploring ICS Security.
-
NoAmci
Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
-
elk-detection-lab
Forked from thomaspatzke/elk-detection-lab. An ELK environment containing interesting security datasets.
-
genxlm
A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4Macro".
-
RT-EWS
A PowerShell module including a couple of cmdlets for EWS Enum/Exploitation.
-
NET-Assembly-Inject-Remote
.NET assembly local/remote loading/injection into memory.
-
maruos
Forked from maruos/maruos. Your phone is your PC.
-
CSharpScripts
Forked from Arno0x/CSharpScripts. Collection of C# scripts
-
ProcessHider
Forked from M00nRise/ProcessHider. Post-exploitation tool for hiding processes from monitoring applications