Pinned Repositories
awesome-lists
Awesome Security lists for SOC/CERT/CTI
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
BOFs
Collection of Beacon Object Files
CloudInject
Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
kerbof
Kerberos BOFs - inspired and heavily adapted from nanorobeus and rubeus
LayeredSyscall
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
funnybananas's Repositories
funnybananas/kerbof
Kerberos BOFs - inspired and heavily adapted from nanorobeus and rubeus
funnybananas/LayeredSyscall
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
funnybananas/StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
funnybananas/awesome-lists
Awesome Security lists for SOC/CERT/CTI
funnybananas/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
funnybananas/Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
funnybananas/CloudInject
funnybananas/Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
funnybananas/CS_Uploads_Tracker
Aggressor script add-in for CobaltStrike to track file uploads
funnybananas/CVE-2023-46747-RCE
exploit for f5-big-ip RCE cve-2023-46747
funnybananas/DefenderYara
Extracted Yara rules from Windows Defender mpavbase and mpasbase
funnybananas/ObjectOverloadingPOC
funnybananas/DojoLoader
Generic PE loader for fast prototyping evasion techniques
funnybananas/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
funnybananas/ghostwriting-2
A process injection technique using only thread context manipulation
funnybananas/GOAD
game of active directory
funnybananas/import-owned-users-bloodhound
script to import owned users in bloodhound
funnybananas/NimGetWindowClasses
Enumerates windows and returns the title (if any), PID, and Window Class Name.
funnybananas/nimview
A Nim/Webview based helper to create Desktop/Server applications with Nim/C/C++ and HTML/CSS
funnybananas/Operational-Security-101
A repository of advice and guides to share with friends and family who are concerned about their safety during online activities and the security of their devices.
funnybananas/PatchlessInlineExecute-Assembly
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
funnybananas/pyMetaTwin
Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
funnybananas/RandomizedProjects
funnybananas/sleepmask-vs
A simple Sleepmask BOF example
funnybananas/SspiUacBypass
Bypassing UAC with SSPI Datagram Contexts
funnybananas/SteppingStones
A Red Team Activity Hub
funnybananas/TeamsImplant
funnybananas/thread_namecalling
funnybananas/vim-config
A repository containing Vim configurations that set up specific development environments.
funnybananas/Vundle.vim
Vundle, the plug-in manager for Vim