Pinned Repositories
aptc
Automated Payload Test Controller
AutoTTP
Automated Tactics Techniques & Procedures
FreeEDR
Free Endpoint Defense & Response
FreeEDR-agents
mutateEXE
A fork of Endgame's gym-malware manipulate2.py
OpenEDR
Renamed to Free EDR to avoid confusion with Comodo's project
OpenEDRclient
Open Endpoint Defense & Response
SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
SysmonViz
Sysmon Visualization
Virtual-Internship
Virtual Internship
jymcheong's Repositories
jymcheong/RedTeam-Tactics-and-Techniques
Red Teaming Tactics and Techniques
jymcheong/sftp
One-Way SFTP server derived from atmoz sftp docker
jymcheong/AgentSmith-HIDS
Open Source Host-based Intrusion Detection System (HIDS) built on Kprobe technology, from E_Bwill.
jymcheong/Antimalware-Research
Research on Anti-malware and other related security solutions
jymcheong/awesome-industrial-control-system-security
A curated list of resources related to Industrial Control System (ICS) security.
jymcheong/BlueGate
PoC for the Remote Desktop Gateway vulnerability - CVE-2020-0609 & CVE-2020-0610
jymcheong/Bluekeep-POC
BlueKeep is a use-after-free vulnerability, meaning that the program tries to use memory after it is supposed to have discarded it. The vulnerability lies in termdd.sys, which is the RDP kernel driver. A user can exploit this by opening an RDP connection to a remote computer over a channel – in this case a default RDP channel called MS_T210 – and sending specially crafted data to it. The exploit runs code on Windows XP, they said, but warned that it would probably crash Windows 7 or Server 2008 machines. By sending a specially crafted packet, an attacker is able to set the value of the Channel ID to something the RDP service isn't expecting, which causes a memory corruption bug that creates the conditions for Remote Code Execution to occur. Should the attacker choose to follow up with packets designed to take advantage of this flaw, remote code execution can be achieved with System user privileges. There are no payloads. This is just a PoC. HOWEVER, it is easily ported to an exploit since you can easily add payloads to this.
jymcheong/client
jymcheong/CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
jymcheong/CVE-2020-0796-RCE-POC
CVE-2020-0796 Remote Code Execution POC
jymcheong/Empire
Empire is a PowerShell and Python post-exploitation agent.
jymcheong/EtwExplorer
View ETW Provider manifest
jymcheong/Evasor
A tool to be used in the post-exploitation phase by blue and red teams to bypass application control policies
jymcheong/genact
A nonsense activity generator
jymcheong/GoodUSB
Simple C# Program to block new keyboard devices until Control+Alt+Delete is pressed
jymcheong/LazWebsockets
Websocket Server and Client Library written in Lazarus
jymcheong/MemProcFS
The Memory Process File System
jymcheong/protolesshooks
API monitoring via return-hijacking thunks; works without information about target function prototypes.
jymcheong/rdpwrap
RDP Wrapper Library
jymcheong/rete
JavaScript framework for visual programming and creating a node editor
jymcheong/SMBGhost_AutomateExploitation
SMBGhost (CVE-2020-0796) Automate Exploitation and Detection
jymcheong/spoofing-office-macro
PoC of a VBA macro spawning a process with a spoofed parent and command line.
jymcheong/sysmonx
SysmonX - An Augmented Drop-In Replacement of Sysmon
jymcheong/telegram-c2agent
POC Telegram C2 agent in NodeJS
jymcheong/TGPuttyLib
A dynamic link library with Delphi units based on PuTTY
jymcheong/wekan
The open-source kanban (built with Meteor). Keep variable/table/field names camelCase. For translations, only add Pull Request changes to wekan/i18n/en.i18n.json , other translations are done at https://transifex.com/wekan/wekan only.
jymcheong/windows-security
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
jymcheong/Windows-User-Action-Hook
A .NET library to subscribe to Windows operating system global user actions such as mouse, keyboard, clipboard & print events
jymcheong/Windows10-CustomKernelSigners
Load self-signed drivers without enabling TestSigning or disabling DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSigners
jymcheong/Windows_Sandbox_Editor
Generate and manage your Windows Sandbox