Pinned Repositories
SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
donut-demos
Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.
EasyNet
Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library. Algorithm: Data <-> GZip <-> AES-256 <-> Base64.
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
Manager
Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
ModuleMonitor
Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.
TheWover.github.io
Blog. Watch the repo to subscribe
TheWover's Repositories
TheWover/ModuleMonitor
Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.
TheWover/ProcessManager
ps-like .NET Assembly for enumerating processes on the current machine or a remote machine.
TheWover/pinjectra
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
TheWover/Windows-Internals
My repository to upload drivers from different books and all the information related to windows internals.
TheWover/Bleak
A Windows native DLL injection library written in C# that supports several methods of injection.
TheWover/TDL
Driver loader for bypassing Windows x64 Driver Signature Enforcement
TheWover/AsmResolver
PE reader and editor. Native headers and resources, .NET metadata and disassemblers (x86 and cil).
TheWover/Blackbone
Windows memory hacking library
TheWover/Covenant
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
TheWover/DidierStevensSuite
Please no pull requests for this repository. Thanks!
TheWover/MemJect
Simple Dll injector loading from memory. Supports PE header and entry point erasure. Written in C99.
TheWover/UEFIReadCSharp
TheWover/UEFIWriteCSharp
TheWover/windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10)
TheWover/Windows10-CustomKernelSigners
Load self-signed drivers without TestSigning or disable DSE
TheWover/bh_aws
Materials for AWS Training
TheWover/DotNextSP2019
DotNext 2019 St. Petersburg Talk Demos
TheWover/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
TheWover/fsmemfs
Memory File System written in F# (using WinFsp)
TheWover/InfinityHook
Hook system calls, context switches, page faults and more.
TheWover/jasm
executing JS from x86 code
TheWover/muddyc3
Leaked Muddyc3 C2 source.
TheWover/polarbearrepo
TheWover/ProcessReimaging
Process reimaging proof of concept code
TheWover/Real-Time-Voice-Cloning
Clone a voice in 5 seconds to generate arbitrary speech in real-time
TheWover/Shellcoding
Shellcoding utilities
TheWover/SILENTTRINITY
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
TheWover/Vx-Engines
Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware
TheWover/win-exec-calc-shellcode
A small, null-free Windows shellcode that executes calc.exe (x86/x64, all OS/SPs)
TheWover/WMIPersistence
WMI Event Subscription Persistence in C#