This is your work, valued
DefenderCheck. Identifies the bytes that Microsoft Defender flags on.
2.6kOffensiveCSharp. Collection of Offensive C# Tooling
1.5kShhmon. Silencing Sysmon via driver unload
238SHAPESHIFTER. Companion PoC for the "Adventures in Dynamic Evasion" blog post
128spotter. Targeted Payload Execution
101FindETWProviderImage. Quickly search for references to a GUID in DLLs, EXEs, and drivers
74cpuid. A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
27getDA.sh. Identify common attack paths to get Domain Administrator
21misc. Collection of things I've written on pentests to make life easier.
16penteensy. USB HID for Penetration Testing
13StandIn. StandIn is a small .NET35/45 AD post-exploitation toolkit
8SharpStay. .NET project for installing Persistence
7unicorn. Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
3PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
3openedr. Open EDR public repository
2Empire. Empire is a PowerShell and Python post-exploitation agent.
2EyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
1cpuid_for_antivm. A collection of cpuid instruction implementations for anti-vm purposes.
1ferrisetw. Basically a KrabsETW rip-off written in Rust
1wmi-rs. WMI crate for rust
1malleable-c2. Cobalt Strike Malleable C2 Design and Reference Guide
1SharpHound3. C# Data Collector for the BloodHound Project, Version 3
1elam. A Practical example of ELAM (Early Launch Anti-Malware)
1SharpHound. C#
1EmPyre. A post-exploitation OS X/Linux agent written in Python 2.7
1Mythic. A collaborative, multi-platform, red teaming framework
1InternetCatFeeder. Raspberry Pi internet-enabled cat feeder using the PicoBorg Reverse
1Seatbelt. Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
1