TheWover

Pinned Repositories

SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
Language:C#1.8k 83 23321
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
Language:C#478 14 068
DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
Language:C#700 15 20108
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Language:C3.7k 79 108651
donut-demos
Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.
31 4 03
EasyNet
Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library. Algorithm: Data <-> GZip <-> AES-256 <-> Base64.
Language:C#90 10 024
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
Language:C#154 4 082
Manager
Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
Language:C++62 7 111
ModuleMonitor
Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.
Language:C#39 2 010
TheWover.github.io
Blog. Watch the repo to subscribe
Language:SCSS5 3 06

TheWover's Repositories

TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Language:C3.7k 79 108651
TheWover/DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
Language:C#700 15 20108
TheWover/CertStealer
A .NET tool for exporting and importing certificates without touching disk.
Language:C#478 14 068
TheWover/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
Language:C++7 0 0
TheWover/beercode
Free beerware-quality code in exchange for beer money (if you are so inclined). ;-)
Language:C#6 4 03
TheWover/TheWover.github.io
Blog. Watch the repo to subscribe
Language:SCSS5 3 06
TheWover/DLLHijackTest
DLL and PowerShell script to assist with finding DLL hijacks
Language:PowerShell4 1 03
TheWover/LEOPARDSEAL
A simple Linux in-memory .so loader
Language:Python4 0 0
TheWover/LetMeowIn
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
Language:C++3 0 0
TheWover/NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
Language:C#3 0 0
TheWover/community-threats
The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday
Language:PowerShell2 1 01
TheWover/DotNetInjections
Loading Assemblies Into Processes, the All Natural Organic way
2 0 0
TheWover/MemProcFS
MemProcFS (fork that allows reading dumps of the lsass process)
Language:C2 0 0
TheWover/StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
Language:C#2 1 01
TheWover/AllTheThingsExec
Executes Blended Managed/Unmanged Exports
Language:C#1 1 01
TheWover/angryorchard-original
Original proof of concept I submitted to brokers demonstrating the vulnerability in hopes of getting rid of it.
Language:C1 0 0
TheWover/endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
Language:Python1 1 0
TheWover/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Language:C++1 1 01
TheWover/JNDI-Exploit-Kit
JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）
Language:Java1 1 0
TheWover/Koppeling
Adaptive DLL hijacking / dynamic export forwarding
Language:C++1 1 01
TheWover/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Language:C#1 0 0
TheWover/masm_shc
A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
Language:C++1 1 01
TheWover/RpcProxyInvoke
Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
Language:C++1 0 0
TheWover/SharpKatz
Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Language:C#1 1 01
TheWover/SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
Language:C#1 2 01
TheWover/compound-actions
Compound Actions align with MITRE ATT&CK TTPs at the procedure level.
Language:Python0 1 07
TheWover/community-modules
A place to share SCYTHE modules with the community.
Language:Python0 01
TheWover/DynamicWrapperDotNet
Dynamically Loads Assembly and Calls Methods from JScript
Language:C#0 01
TheWover/PrintNightmare
Language:C1 0
TheWover/red_team_tool_countermeasures
Language:YARA1 01