Seattle, WA

Will Schroeder

Elite
@HarmJ0y

Researcher @SpecterOps. Coding towards chaotic good.

CheatSheets. Cheat sheets for various projects.

1.1k

DAMP. The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification

384

PowerUp. This version of PowerUp is now unsupported. See https://github.com/Veil-Framework/PowerTools/tree/master/PowerUp for the most current version.

255

ASREPRoast. Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled.

210

Misc-PowerShell. Misc. PowerShell scripts

120

TrustVisualizer. Python script that takes new output from Get-DomainTrustMapping .csvs and outputs graphml. Based on DomainTrustExplorer.

102

pylnker. This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.

80

cortana. This is a pack of Cortana scripts commonly used on our pentests.

70

ImpDump. This is a simple parser for/decrypter for Impacket's esentutl.py utility. It assists with decrypting hashes and hash histories from ntds.dit databases.

70

EncryptedStore. Offensive Data Storage

61

Arya. Arya is a simple obfuscator for .NET binaries.

37

Invoke-ADDefense. Defensive-oriented Active Directory enumeration

23

Malleable-C2-Profiles. Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use.

19

NetRipper. NetRipper - Smart traffic sniffing for penetration testers

17

PowerShellArsenal. A PowerShell Module Dedicated to Reverse Engineering

15

red_team_tool_countermeasures. YARA

12

SharpMove. .NET Project for performing Authenticated Remote Execution

12

PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework

12

WINspect. Powershell-based Windows Security Auditing Toolbox

10

sparta. Network Infrastructure Penetration Testing Tool

10

cortana-scripts. A collection of Cortana scripts that you may use with Armitage and Cobalt Strike.

9

Powershellery. This repo contains Powershell scripts used for general hackery.

8

Invoke-Obfuscation. PowerShell Obfuscator

8

2018. PowerShell Conference Europe 2018 Slides and Demo Scripts

8

GhostLoader. GhostLoader - AppDomainManager - Injection - 攻壳机动队

8

InlineExecute-Assembly. InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module

8

PowerUpSQL. PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

8

netview. Netview enumerates systems using WinAPI calls

7

Ps-Tools. Ps-Tools, an advanced process monitoring toolkit for offensive operations

7

PEzor. Open-Source PE Packer

7

Invoke-AltDSBackdoor. PowerShell

7

SharpSphere. .NET Project for Attacking vCenter

6

Misc-PowerShell-Stuff. random powershell goodness

6

2016. PowerShell Conference EU 2016 Slides and Demo Scripts

6

IndicatorOfCanary. Canary Detection

6

cypher_validator. Simple Python validator for Cypher query syntax.

6

ATPMiniDump. Evading WinDefender ATP credential-theft

6

RdpThief. Extracting Clear Text Passwords from mstsc.exe using API Hooking.

6

Recon-AD. Recon-AD, an AD recon tool based on ADSI and reflective DLL’s

5

WMIReg. PoC to interact with local/remote registry hives through WMI

5

Dumpert. LSASS memory dumper using direct system calls and API unhooking.

5

Zipper. Zipper, a CobaltStrike file and folder compression utility.

5

Inveigh. Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/SMB

5

NBDServer. Network Block Device Server for windows with a DFIR/forensic focus.

5

sRDI. Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

5

PSReflect. Easily define in-memory enums, structs, and Win32 functions in PowerShell

4

GetInjectedThreads. C# Implementation of Jared Atkinson's Get-InjectedThread.ps1

4

BOF.NET. A .NET Runtime for Cobalt Strike's Beacon Object Files

2

SharpClipboard. C# Clipboard Monitor

2

slack.

1

counterfit. a CLI that provides a generic automation layer for assessing the security of ML models

1
51
Apply