This is your work, valued

Ceri Coburn

Elite
@CCob

SweetPotato. Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

1.8k

SharpBlock. A method of bypassing EDR's active projection DLL's by preventing entry point exection

1.2k

BeaconEye. Hunts out CobaltStrike beacons and logs operator command output

962

ThreadlessInject. Threadless Process Injection using remote function hooking.

822

BOF.NET. A .NET Runtime for Cobalt Strike's Beacon Object Files

784

lsarelayx. NTLM relaying for Windows made easy

580

Volumiser. C#

435

okta-terrify. Okta Verify and Okta FastPass Abuse Tool

344

DRSAT. Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

310

MirrorDump. Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory

271

MinHook.NET. A C# port of the MinHook API hooking library

236

gssapi-abuse. A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks

188

SylantStrike. Simple EDR implementation to demonstrate bypass

183

goreflect. Reflective DLL loading of your favorite Golang program

174

Shwmae. C#

165

dnMerge. A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependant assemblies.

108

PIVert. C#

107

PinSwipe. Smart Card PIN swiping DLL

80

PwnyForm. C#

48

gookies. A Chrome cookie dumping utility

46

ProvisionAppx. C#

39

bittrex4j. Java library for accessing the Bittrex Web API's and Web Sockets

33

PoC. Exploit PoC for CVE's and non CVE's alike

22

SQL-BOF. Library of BOFs to interact with SQL servers

16

Jboss-Wilfly-Hashes-to-Hashcat. Converts JBoss/Wildfly management users properties file to hashcat format compatible with mode 20

12

chlonium. Chromium Cookie import / export tool

11

Rubeus. Trying to tame the three-headed dog.

9

InlineExecute-Assembly. InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module

5

VulnHub. VulnHub Walkthroughs

4

sandbox-attacksurface-analysis-tools. Set of tools to analyze Windows sandboxes for exposed attack surface.

3

gocrack. GoCrack is a management frontend for password cracking tools written in Go

3

nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.

3

metasploit-framework. Metasploit Framework

3

Certify. Active Directory certificate abuse.

2

nodebb-plugin-onesignal. Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet

2

MediaPortal-AsteriskCid. C#

1

impacket. Impacket is a collection of Python classes for working with network protocols.

1

signalr-java-client. Java

1

SharpView. C# implementation of harmj0y's PowerView

1

JCAlgTest. Automated testing tool for algorithms from JavaCard API supported by particular smart card. Performance testing of almost all available methods. The results for more than 60+ cards.

1