Pinned Repositories
AggressorCollection
Collection of awesome Cobalt Strike Aggressor Scripts. All credit due to the authors
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
BSidesTO2017
Slides and demo content from our BSidesTO 2017 presentation.
C2Kv2
Updated version of C2K
DC416October
Examples used in the October DC416 meetup
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
PreludeOperator_QuickCheck
Simple Powershell Prelude Operator Quick Check
universal-syscall-64
Resolve syscall numbers at runtime for all Windows versions.
invokethreatguy's Repositories
invokethreatguy/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
invokethreatguy/mitmproxy2swagger
Automagically reverse-engineer REST APIs via capturing traffic
invokethreatguy/Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
invokethreatguy/AddressOfEntryPoint_Hijack_CSharp
Shellcode injection or execution via AddressOfEntryPoint hijack.
invokethreatguy/Apihashes
IDA Pro plugin for recognizing known hashes of API function names
invokethreatguy/BeaconDownloadSync
invokethreatguy/chainsaw
Rapidly Search and Hunt through Windows Event Logs
invokethreatguy/Coercer
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
invokethreatguy/CreateThreadpoolWait_ShellcodeExecution_CSharp
Shellcode execution via CreateThreadpoolWait with Csharp
invokethreatguy/cuddlephish
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
invokethreatguy/Ekko
Sleep Obfuscation
invokethreatguy/Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
invokethreatguy/IoRingReadWritePrimitive
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
invokethreatguy/iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11
invokethreatguy/Koh
The Token Stealer
invokethreatguy/kql-for-dfir
A guide to using Azure Data Explorer and KQL for DFIR
invokethreatguy/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).
invokethreatguy/msFlagsDecoder
Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
invokethreatguy/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
invokethreatguy/NlsCodeInjectionThroughRegistry
DLL injection through code page ID modification in the registry. Based on jonas lykk's research.
invokethreatguy/Office365
Office 365 scripts and information
invokethreatguy/PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
invokethreatguy/PowerHunt
PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
invokethreatguy/RedEye
RedEye is a visual analytic tool supporting Red & Blue Team operations
invokethreatguy/Reverse-Engineering
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
invokethreatguy/SMBeagle
invokethreatguy/SwiftInMemoryLoading
Swift implementation of in-memory Mach-O loading on macOS
invokethreatguy/wifipumpkin3
Powerful framework for rogue access point attacks.
invokethreatguy/WizardOpium
Google Chrome Use After Free
invokethreatguy/wtf
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.