TheWover

TheWover's Stars

• WerWolv/ImHex

  🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

  Language:C++46.5k4891.2k2k

• byt3bl33d3r/OffensiveNim

  My experiments in weaponizing Nim (https://nim-lang.org/)

  Language:Nim2.9k7030354

• ComodoSecurity/openedr

  Open EDR public repository

  Language:C++2.3k10640456

• gtworek/Priv2Admin

  Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

  2k314273

• phra/PEzor

  Open-Source Shellcode & PE Packer

  Language:C1.9k4250327

• knownsec/shellcodeloader

  shellcodeloader

  Language:C++1.7k4712372

• mubix/post-exploitation

  Post Exploitation Collection

  Language:C1.6k1214358

• adishavit/argh

  Argh! A minimalist argument handler.

  Language:C++1.3k195292

• jxy-s/herpaderping

  Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

  Language:C++1.1k336216

• DeimosC2/DeimosC2

  DeimosC2 is a Golang command and control framework for post-exploitation.

  Language:Vue1.1k3830163

• d35ha/CallObfuscator

  Obfuscate specific windows apis with different apis

  Language:C++985294177

• cxong/tinydir

  Lightweight, portable and easy to integrate C directory and file reader

  Language:C8133843125

• jthuraisamy/TelemetrySourcerer

  Enumerate and disable common sources of telemetry used by AV/EDR.

  Language:C++778304127

• awaescher/Fusion

  🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)

  Language:C#777203037

• btbd/smap

  DLL scatter manual mapper

  Language:C++731200153

• FuzzySecurity/StandIn

  StandIn is a small .NET35/45 AD post-exploitation toolkit

  Language:C#721166123

• CCob/BOF.NET

  A .NET Runtime for Cobalt Strike's Beacon Object Files

  Language:C684176100

• cube0x0/SharpMapExec

  Language:C#657225121

• br-sn/CheekyBlinder

  Enumerating and removing kernel callbacks using signed vulnerable drivers

  Language:C++549112107

• MythicAgents/Apollo

  A .NET Framework 4.0 Windows Agent

  Language:C#462193693

• LloydLabs/wsb-detect

  wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")

  Language:C35914147

• XiphosResearch/netelf

  Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

  Language:C28213733

• mandiant/OfficePurge

  Language:C#25711170

• SpecterOps/presentations

  SpecterOps Presentations

  18448140

• rprichard/win32-console-docs

  Win32 Console Documentation -- in particular, console/standard handles and CreateProcess inheritance

  Language:C++11110716

• EgeBalci/IAT_API

  Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.

  Language:Assembly6912015

• jordanbtucker/dpapick

  DPAPI offline decryption utility

  Language:Python675014

• GrayKernel/GrayStorm

  In memory attack platform for C# Applications

  Language:C#51606

• zodiacon/NativeApps

  Demos and presentation from SECArmy Village Grayhat 2020

  Language:C365213

• lallouslab/Ganxo_

  An opensource API hooking framework

  Language:C21206