This is your work, valued
NativeDump. Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
739wifi-pentesting-guide. WiFi Penetration Testing Guide
718TrickDump. Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
560instagram-followers-bot. A bot for Instagram. You can follow users using a tag or in a specific location, unfollow those who dont follow-you-back, and follow-back those who follow you
527NativeBypassCredGuard. Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
270WhoamiAlternatives. Different methods to get current username without using whoami
187adfsbrute. A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
182covert-tube. Youtube as covert-channel - Control systems remotely and execute commands by uploading videos to Youtube
105SharpCovertTube. Youtube as C2 channel - Control Windows systems uploading QR videos to Youtube
101NativeTokenImpersonate. Impersonate Tokens using only NTAPI functions
85twitter-followers-bot. A bot for Twitter. You can follow users in a specific location or tweeting specific words and unfollow those who do not follow you back (and are not included in whitelist.txt). Also generates REPORTS!
77covert-control. Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram
70wpa2-enterprise-attack. Virtual machines and scripts to attack WPA2-Enterprise networks through Rogue Access Points downgrading the authentication method to GTC
64DoubleTeam. Listener that spawns a new tmux window for each incoming reverse shell + Supports listening on many ports
59emqx-RCE. EMQX Dashboard Malicious Plugin leading to RCE
47MemorySnitcher. Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)
43instagram-user-id. Get the user ID of any user in instagram
40Portswigger-Labs. All Apprentice and Practitioner-level Portswigger labs
39SharpSelfDelete. PoC to self-delete a binary in C#
36NativeNtdllRemap. Remap ntdll.dll using only NTAPI functions with a suspended process
28spotify-playlist-downloader. Downloading Spotify Playlists
28OSED-prep. Exploits written while preparing for the OSED exam
27SSSD-creds. Script to extract the cached credentials from SSSD, getting Active Directory credentials from Unix systems
25http-protocol-exfil. Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)
24SharpObfuscate. Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
24p-invoke.net. P/Invoke definitions from the most-of-the-time offline offline pinvoke.net. Website: https://ricardojoserf.gitbook.io/pinvoke
23slae32. The SecurityTube Linux Assembly Expert (SLAE) is an online course and certification which focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to Infosec
22Tinder-Searcher-and-DB-creation. Tinder user searcher and DB creation. Proof of concept for Tinder security team
19SharpNado. Repository to gather the .NET malware I will be developing
18CESP-ADCS-cheatsheet. Cheatsheet for Altered Security's CESP ADCS course
17ddos_simulation. DDoS simulation written in Python using "scapy" and "multiprocessing" libraries. Used for educational purposes
17ntds-analyzer. A tool to analyze Ntds.dit files once the NTLM and LM hashes have been cracked.
16s7-parser. Parser of the industrial protocol S7 (S7comm) using Libpcap
15subdoler. Easy subdomain finder from a list of company names, IP ranges or domains.
15MinidumpParser. C# program to parse Microsoft Minidump files and their streams
14vulnserver-exploits. Vulnserver exploits
14BOF_Files. Repository to gather the BOF files I will be developing
11jeringuilla. Process injection framework in C#. It uses dynamic function loading using delegates and AES-encryption for strings and payloads
10SharpNtdllOverwrite. Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URL
10webmin-tor-bruteforce. Script to bruteforce Webmin allowing to rotate the IP address using Tor
9triangle-position. Triangle a coordinate given 3 or 4 coordinates
9omrs-rce-exploit. Online Marriage Registration System (OMRS) 1.0 - Remote code execution
9instagram-liker-all-posts. Like all posts of a user given the username in Instagram
8network-providers. Tests with Network Providers DLLs, adding some extra functionality to NPPSpy2 by @gtworek
8GetProcAddress. GetProcAddress implementation in C# walking the PEB using only NtReadVirtualMemory
8LM_original_password_cracker. Having the NTLM and a cracked LM hash it is possible to get the original password by testing all the combinations of upper and lowercases. This is useful if a ntds.dit file has both NTLM and LM hashes
7GetModuleHandle. GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB
7amazon-mwaa-RCE. RCE in Amazon Managed Workflows for Apache Airflow (MWAA) service
7SharpProcessDump. Dump memory regions of a process using NtQueryVirtualMemory and NtReadVirtualMemory
7pywisam. A Wifi pentesting framework written in Python
7SharpEA. Read, write and delete Extended Attributes (EAs) within NTFS, to hide malicious payloads
6github-bot. Easy bot for starring or branching a huge number of repositories. Using pyGithub
6ipv4info_scraper. Get the IP blocks and domains from a company name by scrapping IPv4info
6username-generator. Generate list of possible usernames for attacks such as password spraying
5StealthyEnv. Stealthier alternative to whoami.exe in C#, it gets environment variables from PEB (PRTL_USER_PROCESS_PARAMETERS)
5pyNtdllOverwrite. Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process
5coinhive-example. Easy example using Coinhive in a simple page
4goNtdllOverwrite. Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process
4lsass-dumper. Dump lsass.exe generating a file with the hostname and date in txt format using C++.
3nodejs_webshell. Node.js webshell created using AngularJS. It is a MEAN app (MongoDB + Express + AngularJs + Node.js) with a CLI in a text box
3