Pinned Repositories
clarion
The clarion call tells you if someone is logging into an AitM proxy that is proxying your M365 login page
CobaltNotion
A spin-off research project. Cobalt Strike x Notion collab 2022
CVE-2021-38699-Stored-XSS
Stored XSS in TastyIgniter v3.0.7 Restaurant CMS
CVE-2021-38817-Remote-OS-Command-Injection
Remote OS Command Injection in TastyIgniter v3.0.7 Sendmail Path field
cve-2022-33891
Apache Spark Shell Command Injection Vulnerability
PMAT-labs
Labs for Practical Malware Analysis & Triage
RustyProcessInjectors
Just some Rust process injector POCs, nothing weird.
ShadowSteal
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
OffensiveNotion
Notion as a platform for offensive operations
HuskyHacks's Repositories
HuskyHacks/PMAT-labs
Labs for Practical Malware Analysis & Triage
HuskyHacks/SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
HuskyHacks/clarion
The clarion call tells you if someone is logging into an AitM proxy that is proxying your M365 login page
HuskyHacks/blue-jupyter
Jupyter Notebooks for the Blue Team
HuskyHacks/HuskyHacks
HuskyHacks/CVE-2021-38817-Remote-OS-Command-Injection
Remote OS Command Injection in TastyIgniter v3.0.7 Sendmail Path field
HuskyHacks/bsides-nashville-identity-crisis
Identity Crisis: Combating M365 Account Takeovers at Scale (BSides Nashville 2024)
HuskyHacks/HuskyHacks.github.io
HuskyHacks/SandboxEvasion_BuildCommDCBAndTimeoutA
Sandbox evasion (probably?) via BuildCommDCBAndTimeoutA PoC
HuskyHacks/cloudy-with-a-chance-of-malware
Terraform repo for "Cloudy with a Chance of Malware"
HuskyHacks/dracula-css-notion-super
The Dracula color theme for Notion/Super.so sites. I spent a while on this so I don't want to lose it.
HuskyHacks/GraphSpy
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
HuskyHacks/AWS-malware-lab
Creation of a laboratory for malware analysis in AWS
HuskyHacks/Certipy
Tool for Active Directory Certificate Services enumeration and abuse
HuskyHacks/cve-2022-42889-text4shell-docker
Dockerized POC for CVE-2022-42889 Text4Shell
HuskyHacks/docker-elk
The Elastic stack (ELK) powered by Docker and Compose.
HuskyHacks/flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
HuskyHacks/hardyharHAR
HuskyHacks/impacket
Impacket is a collection of Python classes for working with network protocols.
HuskyHacks/logformatter
logformatter
HuskyHacks/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
HuskyHacks/pancakescon-2024
How to Combat Microsoft365 Account Takeovers (while you're not out Thru-Hiking the Appalachian Trail)
HuskyHacks/PynAuth
HuskyHacks/VM-Packages
HuskyHacks/GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
HuskyHacks/merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
HuskyHacks/merlin-agent
HuskyHacks/replit-test
HuskyHacks/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
HuskyHacks/Unprotect_Submission
Repository to publish your evasion techniques and contribute to the project