Hagrid29

Hong Kong

Pinned Repositories

AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
Language:PowerShell52 1 05
BOF-DCOMPotato-PrintNotify
Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.
Language:C++36 1 07
BOF-SprayAD
Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
Language:C40 1 01
BYOVDKit
bring your own vulnerable driver
Language:C++57 1 014
CVE-2024-2432-PaloAlto-GlobalProtect-EoP
Language:C++55 1 115
DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.
Language:C#33 1 23
DuplicateDump
Dumping LSASS with a duplicated handle from custom LSA plugin
Language:C#192 2 122
herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
Language:C40 4 011
PELoader
PE loader with various shellcode injection techniques
Language:C++344 9 455
RemotePatcher
Patch AMSI and ETW in remote process via direct syscall
Language:C73 3 010

Hagrid29's Repositories

Hagrid29/PELoader
PE loader with various shellcode injection techniques
Language:C++344 9 455
Hagrid29/DuplicateDump
Dumping LSASS with a duplicated handle from custom LSA plugin
Language:C#192 2 122
Hagrid29/RemotePatcher
Patch AMSI and ETW in remote process via direct syscall
Language:C73 3 010
Hagrid29/BYOVDKit
bring your own vulnerable driver
Language:C++57 1 014
Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP
Language:C++55 1 115
Hagrid29/AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
Language:PowerShell52 1 05
Hagrid29/BOF-SprayAD
Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
Language:C40 1 01
Hagrid29/herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
Language:C40 4 011
Hagrid29/BOF-DCOMPotato-PrintNotify
Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.
Language:C++36 1 07
Hagrid29/DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.
Language:C#33 1 23
Hagrid29/CertifyKit
Active Directory certificate abuse
Language:C#26 1 02
Hagrid29/BOF-CredUI
Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
Language:C19 1 01
Hagrid29/BOF-RemoteRegSave
Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
Language:C11 1 03
Hagrid29/DumpAADUserRPT
DumpAADUserRPT is C# implementation of Get-AADIntUserPRTToken from AADInternals which obtain Primary Refresh Token
Language:C#7 1 00
Hagrid29/ForeScout-SecureConnector-EoP
Arbitrary File Delete in Forescout SecureConnector before 11.3.06.0063
Language:C++4 1 0
Hagrid29/ReadWrite-DCOM
Perform directory listing, read and write file on remote computer via DCOM methods
Language:PowerShell4 2 01

Hagrid29

Pinned Repositories

AbuseAzureAPIPermissions

BOF-DCOMPotato-PrintNotify

BOF-SprayAD

BYOVDKit

CVE-2024-2432-PaloAlto-GlobalProtect-EoP

DumpAADSyncCreds

DuplicateDump

herpaderply_hollowing

PELoader

RemotePatcher

Hagrid29's Repositories

Hagrid29/PELoader

Hagrid29/DuplicateDump

Hagrid29/RemotePatcher

Hagrid29/BYOVDKit

Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP

Hagrid29/AbuseAzureAPIPermissions

Hagrid29/BOF-SprayAD

Hagrid29/herpaderply_hollowing

Hagrid29/BOF-DCOMPotato-PrintNotify

Hagrid29/DumpAADSyncCreds

Hagrid29/CertifyKit

Hagrid29/BOF-CredUI

Hagrid29/BOF-RemoteRegSave

Hagrid29/DumpAADUserRPT

Hagrid29/ForeScout-SecureConnector-EoP

Hagrid29/ReadWrite-DCOM