Los Angeles, CA

Justin Bui

Expert
@slyd0g

hackin'

DLLHijackTest. DLL and PowerShell script to assist with finding DLL hijacks

342

PrimaryTokenTheft. Steal a primary token and spawn cmd.exe using the stolen token

254

SharpClipboard. C# Clipboard Monitor

185

WhiteChocolateMacademiaNut. Interact with Chromium-based browsers' debug port to view open tabs, installed extensions, and cookies

185

UrbanBishopLocal. A port of FuzzySecurity's UrbanBishop project for inline shellcode execution

118

SwiftSpy. macOS keylogger, clipboard monitor, and screenshotter

93

SwiftInMemoryLoading. Swift implementation of in-memory Mach-O loading on macOS

68

TimeStomper. PoC that manipulates Windows file times using SetFileTime() API

63

LNKMod. C# project to create or modify existing LNKs

55

SK8RAT. C++ implant that interfaces with a SK8PARK server

49

ObjCShellcodeLoader. macOS shellcode loader written in Objective-C

48

SharpCrashEventLog. C# port of LogServiceCrash

46

DylibHijackTest. Discover DYLD_INSERT_LIBRARIES hijacks on macOS

45

SwiftParseTCC. Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format

40

SK8PARK. Python 3 server used to control SK8RAT implant

36

SharpRoast-Parser. Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.

32

XORShellcodeLoader. Loads shellcode from a resource file.

21

SwiftLiverpool. Enumerate Location Services using CoreLocation API on macOS

19

pwnVNC. Python script that will attempt connection to unauthenticated VNC sessions on the entire Internet and take a screenshot of the user's current session.

18

SharpCryptUnprotectData. C#

15

C-Sharp-Out-Minidump. C# implementation of Out-Minidump.ps1

10

SwiftPlist. Partial rewrite of the `plutil` utility on macOS

8

MacDirtyCowDemo. Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.

6

LyncSniper. LyncSniper: A tool for penetration testing Skype for Business and Lync deployments

4

darling. Darwin/macOS emulation layer for Linux

3

log4j-honeypot-flask. Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

3

RdpThief. Extracting Clear Text Passwords from mstsc.exe using API Hooking.

2

shad0w. Covert post exploitation framework

2

Pwdb-Public. A collection of all the data i could extract from 1 billion leaked credentials from internet.

2

MacHack. Hidden Tools in macOS

2

Debian8JessieSetup. Run on a fresh install of Debian 8 Jessie to create a new user, give sudo privileges, update your system, update your source list and more!

2

Advanced-Process-Injection-Workshop. C++

2

MiniShare-1.4.1-RCE. MiniShare 1.4.1 remote buffer overflow leading to RCE.

2

Priv2Admin. Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

1

DelegationBOF. C++

1

inceptor. Template-Driven AV/EDR Evasion Framework

1

Havoc. The Havoc Framework

1

Crescendo. Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.

1

macOSTools. macOS Offensive Tools

1

AceLdr. Cobalt Strike UDRL for memory scanner evasion.

1

Alaris. A protective and Low Level Shellcode Loader that defeats modern EDR systems.

1

geacon. Practice Go programming and implement CobaltStrike's Beacon in Go

1

Nidhogg. Nidhogg is an all-in-one simple to use rootkit for red teams.

1

FunctionStomping. A new shellcode injection technique. Given as C++ header or standalone Rust program.

1

nim_shellloader. nim,免杀,红队,shellcode,bypass,apt,bypass-av.

1

TestingDLL. TestingDLL using ShellExecuteA to spawn processes

1

frostbyte. FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads

1

1PasswordSuite. Utilities to extract secrets from 1Password

1

SwiftBelt. A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool.

1

XORcipher. Script will ask you to encrypt or decrypt a message by XORing the message with a OTP.

1
50
Apply