Pinned Repositories
SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
donut-demos
Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.
EasyNet
Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library. Algorithm: Data <-> GZip <-> AES-256 <-> Base64.
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
Manager
Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
ModuleMonitor
Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.
TheWover.github.io
Blog. Watch the repo to subscribe
TheWover's Repositories
TheWover/AssemblyLoader
Loads .NET Assembly Via CLR Loader
TheWover/injection
Windows process injection methods
TheWover/AggressorScripts
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
TheWover/amsi_bypassr
AMSI bypass stager generator
TheWover/Browser-ExternalC2
External C2 Using IE COM Objects
TheWover/Custom-GetProcAddress-and-GetModuleHandle-and-more
Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions
TheWover/Howling-Software-V2
TheWover/KsDumper
Dumping processes using the power of kernel space !
TheWover/MaliciousDLLGenerator
DLL Generator for side loading attack
TheWover/self-morphing-csharp-binary
C# binary that mutates its own code, encrypts and obfuscates itself on runtime
TheWover/spotter
Targeted Payload Execution
TheWover/coreclr
CoreCLR is the runtime for .NET Core. It includes the garbage collector, JIT compiler, primitive data types and low-level classes.
TheWover/CPLResourceRunner
Run shellcode from resource
TheWover/cs-script
C# scripting platform
TheWover/de4dot
.NET deobfuscator and unpacker.
TheWover/dotnet
A simple but effective mini-profiler for ASP.NET (and Core) websites
TheWover/DotNetAnywhere
Small .NET interpreter
TheWover/Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime
TheWover/HoLLy.MemoryLib
A specialized C# memory-accessing library
TheWover/injdrv
proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
TheWover/JitBuddy
Disassemble to x86/x64 ASM listing the native code generated by the JIT of a managed method.
TheWover/LimeUSB-Csharp
Malware USB Spread | Example C#
TheWover/malware-sample-library
Malware sample library.
TheWover/OffensiveCSharp
Collection of Offensive C# Tooling
TheWover/protobuf-net
Protocol Buffers library for idiomatic .NET
TheWover/ReClass.NET
Not just a ReClass port to the .NET platform.
TheWover/SharpSocks
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
TheWover/TikiTorch
TheWover/Vanara
A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
TheWover/WindowsInternals
Windows Internals Book 7th edition Tools