Hong Kong

Hagrid29

Advanced
@Hagrid29

PELoader. PE loader with various shellcode injection techniques

454

DuplicateDump. Dumping LSASS with a duplicated handle from custom LSA plugin

207

BYOVDKit. bring your own vulnerable driver

124

BOF-DCOMPotato-PrintNotify. Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.

103

RemotePatcher. Patch AMSI and ETW in remote process via direct syscall

84

AbuseAzureAPIPermissions. Abuse Azure API permissions for red teaming

72

herpaderply_hollowing. Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping

69

CVE-2024-2432-PaloAlto-GlobalProtect-EoP. C++

64

BOF-SprayAD. Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray

47

DumpAADSyncCreds. C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.

47

CertifyKit. Active Directory certificate abuse

43

BOF-CredUI. Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt

24

BOF-RemoteRegSave. Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer

18

DumpAADUserRPT. DumpAADUserRPT is C# implementation of Get-AADIntUserPRTToken from AADInternals which obtain Primary Refresh Token

13

ForeScout-SecureConnector-EoP. Arbitrary File Delete in Forescout SecureConnector before 11.3.06.0063

6

ReadWrite-DCOM. Perform directory listing, read and write file on remote computer via DCOM methods

4

webAccess-arbitrary-read-write. Python

1

CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient. C++

1
18
Apply