TheWover

Pinned Repositories

SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
Language:C#1.7k 83 23305
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
Language:C#467 15 069
DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
Language:C#648 14 19107
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Language:C3.3k 82 102599
donut-demos
Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.
29 4 03
EasyNet
Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library. Algorithm: Data <-> GZip <-> AES-256 <-> Base64.
Language:C#90 10 024
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
Language:C#143 4 082
Manager
Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
Language:C++62 7 111
ModuleMonitor
Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.
Language:C#39 2 010
TheWover.github.io
Blog. Watch the repo to subscribe
Language:SCSS5 3 06

TheWover's Repositories

TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Language:C3.3k 82 102599
TheWover/DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
Language:C#648 14 19107
TheWover/CertStealer
A .NET tool for exporting and importing certificates without touching disk.
Language:C#467 15 069
TheWover/GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
Language:C#143 4 082
TheWover/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
Language:C++7 0 0
TheWover/beercode
Free beerware-quality code in exchange for beer money (if you are so inclined). ;-)
Language:C#5 4 03
TheWover/TheWover.github.io
Blog. Watch the repo to subscribe
Language:SCSS5 3 06
TheWover/DLLHijackTest
DLL and PowerShell script to assist with finding DLL hijacks
Language:PowerShell4 1 03
TheWover/AllTheThingsExec
Executes Blended Managed/Unmanged Exports
Language:C#2 1 01
TheWover/LetMeowIn
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
Language:C++2 0 0
TheWover/MemProcFS
MemProcFS
Language:C2 0 0
TheWover/NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
Language:C#2 0 0
TheWover/StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
Language:C#2 1 01
TheWover/angryorchard-original
Original proof of concept I submitted to brokers demonstrating the vulnerability in hopes of getting rid of it.
Language:C1 0 0
TheWover/community-threats
The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday
Language:PowerShell1 1 0
TheWover/DotNetInjections
Loading Assemblies Into Processes, the All Natural Organic way
1 0 0
TheWover/endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
Language:Python1 1 0
TheWover/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Language:C++1 1 01
TheWover/JNDI-Exploit-Kit
JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）
Language:Java1 1 0
TheWover/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Language:C#1 0 0
TheWover/masm_shc
A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
Language:C++1 1 01
TheWover/SharpKatz
Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Language:C#1 1 01
TheWover/SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
Language:C#1 2 01
TheWover/compound-actions
Compound Actions align with MITRE ATT&CK TTPs at the procedure level.
Language:Python0 1 07
TheWover/community-modules
A place to share SCYTHE modules with the community.
Language:Python0 01
TheWover/DynamicWrapperDotNet
Dynamically Loads Assembly and Calls Methods from JScript
Language:C#0 01
TheWover/Koppeling
Adaptive DLL hijacking / dynamic export forwarding
Language:C++1 01
TheWover/PrintNightmare
Language:C1 0
TheWover/red_team_tool_countermeasures
Language:YARA1 01
TheWover/winget-pkgs-redteam
The Microsoft community Windows Package Manager manifest repository
Language:PowerShell2 0