Pinned Repositories
AD-Attack-Defense
Attack and defend Active Directory using modern post-exploitation adversary tradecraft
AddJS2PDF
AmsiScanBufferBypass
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
CHM-Exec
CMSTP_UAC_Bypass
commercial
CrackMapExecWindows
MicrosoftWorkflowCompiler
Execute Commands using Microsoft.Workflow.Compiler.exe
analyticsearch's Repositories
analyticsearch/.NetConfigLoader
.net config loader
analyticsearch/ADCSCoercePotato
analyticsearch/ADCSync
Use ESC1 to perform a makeshift DCSync and dump hashes
analyticsearch/ADOKit
Azure DevOps Services Attack Toolkit
analyticsearch/CloudInject
analyticsearch/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
analyticsearch/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
analyticsearch/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
analyticsearch/GhostDriver
yet another AV killer tool using BYOVD
analyticsearch/gocheck
DefenderCheck but blazingly fast™
analyticsearch/IPPrintC2
PoC for using MS Windows printers for persistence / command and control via Internet Printing
analyticsearch/lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
analyticsearch/Mockingjay_BOF
Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
analyticsearch/MultiDump
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
analyticsearch/nimvoke
Indirect syscalls + DInvoke made simple.
analyticsearch/NoArgs
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It does this by hooking Windows APIs to manipulate Windows internals at runtime, allowing NoArgs to alter process arguments discreetly.
analyticsearch/OktaPostExToolkit
analyticsearch/OneLoginPostExToolkit
analyticsearch/pandora
A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers
analyticsearch/ProcessStomping
A variation of ProcessOverwriting to execute shellcode on an executable's section
analyticsearch/Proxy-DLL-Loads
A proof of concept demonstrating DLL-load proxying using undocumented syscalls.
analyticsearch/SharpADWS
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
analyticsearch/Shoggoth
Shoggoth: Asmjit Based Polymorphic Encryptor
analyticsearch/SignToolEx
Patching "signtool.exe" to accept expired certificates for code-signing.
analyticsearch/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
analyticsearch/SymProcAddress
Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
analyticsearch/SymProcSleuth
A pure C version of SymProcAddress
analyticsearch/TokenStealer
analyticsearch/Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
analyticsearch/WinPmem
The multi-platform memory acquisition tool.