Pinned Repositories
BOF-RegSave
Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
BackupCreds
A C# implementation of dumping credentials from Windows Credential Manager
DPAPISnoop
A C# tool to output crackable DPAPI hashes from user MasterKeys
FirewallMoniker
A C# implementation that disables Windows Firewall bypassing UAC
RPCsc
Execute a program as a service via RPC
SpoolSamplerNET
Implementation of SpoolSample without rDLL
VmdkReader
.NET 4.0 Console App to browse VMDK / VHD images and extract files
Aladdin
ETWHash
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
leftp's Repositories
leftp/DPAPISnoop
A C# tool to output crackable DPAPI hashes from user MasterKeys
leftp/BackupCreds
A C# implementation of dumping credentials from Windows Credential Manager
leftp/FirewallMoniker
A C# implementation that disables Windows Firewall bypassing UAC
leftp/qengine
C++ 17 or higher control flow obfuscation library for Windows binaries
leftp/AtlasReaper
A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.
leftp/EDRSandblast-GodFault
EDRSandblast-GodFault
leftp/AutoFunkt
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles
leftp/CobaltStrikeReflectiveLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
leftp/Eclipse
Activation Context Hijack
leftp/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
leftp/evilginx3
sturdy-chainsaw
leftp/FlavorTown
Various ways to execute shellcode
leftp/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
leftp/JayFinder
Find DLLs with RWX section
leftp/Kraken
Kraken, a modular multi-language webshell coded by @secu_x11
leftp/MemFiles
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
leftp/Morphian
Morphian is a python3 tool designed to generate unique passwords by combining specific characteristics of the target. It focuses on providing the user with four wordlists containing possible passwords categorized into different strength levels based on their predictability.
leftp/NachoVPN
A tasty, but malicious SSL-VPN server 🌮
leftp/OperatorsKit
Collection of Beacon Object Files (BOF) for Cobalt Strike
leftp/phishlets
leftp/RToolZ
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
leftp/SCMKit
Source Code Management Attack Toolkit
leftp/SentinelKQL
Azure Sentinel KQL
leftp/SharpHound4Cobalt
C# Data Collector for BloodHound with CobaltStrike integration (BOF.NET)
leftp/ShellcodePlayer
Versatile tool for configuring launchers for PIC blobs
leftp/SQL-BOF
Library of BOFs to interact with SQL servers
leftp/TeamsPhisher
Send phishing messages and attachments to Microsoft Teams users
leftp/ThreadlessInject
Threadless Process Injection using remote function hooking.
leftp/WhoxySD
Gather all root domains of an organization from Whoxy
leftp/wsMemShell
WebSocket memory shell/Webshell, a new type of memory shell/WebShell technique