Pinned Repositories
AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
BOF-DCOMPotato-PrintNotify
Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege from SeImpersonate privilege by passing a malicious IUnknown object to a DCOM call of PrintNotify.
BOF-SprayAD
Cobalt Strike Beacon Object File (BOF) that uses the LogonUserSSPI API to perform Kerberos-based password spraying
BYOVDKit
Bring your own vulnerable driver
CVE-2024-2432-PaloAlto-GlobalProtect-EoP
DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts the Azure AD Connect credentials for AD and Azure AD from the AAD Connect database.
DuplicateDump
Dumping LSASS with a duplicated handle from a custom LSA plugin
herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, a hybrid of Process Hollowing and Process Herpaderping
PELoader
PE loader with various shellcode injection techniques
RemotePatcher
Patch AMSI and ETW in a remote process via direct syscalls
Hagrid29's Repositories
Hagrid29/PELoader
PE loader with various shellcode injection techniques
Hagrid29/DuplicateDump
Dumping LSASS with a duplicated handle from a custom LSA plugin
Hagrid29/BYOVDKit
Bring your own vulnerable driver
Hagrid29/RemotePatcher
Patch AMSI and ETW in a remote process via direct syscalls
Hagrid29/AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP
Hagrid29/herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, a hybrid of Process Hollowing and Process Herpaderping
Hagrid29/BOF-SprayAD
Cobalt Strike Beacon Object File (BOF) that uses the LogonUserSSPI API to perform Kerberos-based password spraying
Hagrid29/BOF-DCOMPotato-PrintNotify
Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege from SeImpersonate privilege by passing a malicious IUnknown object to a DCOM call of PrintNotify.
Hagrid29/DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts the Azure AD Connect credentials for AD and Azure AD from the AAD Connect database.
Hagrid29/CertifyKit
Active Directory certificate abuse
Hagrid29/BOF-CredUI
Cobalt Strike Beacon Object File (BOF) that uses the CredUIPromptForWindowsCredentials API to invoke a credential prompt
Hagrid29/BOF-RemoteRegSave
Cobalt Strike Beacon Object File (BOF) that uses the RegConnectRegistryA + RegOpenKeyExA APIs to dump registry hives on a remote computer
Hagrid29/DumpAADUserRPT
DumpAADUserRPT is a C# implementation of Get-AADIntUserPRTToken from AADInternals, which obtains the Primary Refresh Token
Hagrid29/ForeScout-SecureConnector-EoP
Arbitrary File Delete in Forescout SecureConnector before 11.3.06.0063
Hagrid29/ReadWrite-DCOM
Perform directory listing and read and write files on a remote computer via DCOM methods
Hagrid29/webAccess-arbitrary-read-write