reiterjr

SANS SEC670 Author/Instructor, SANS SEC770 Author (soon to be), SANS SEC870 Author (soon to be)

Pinned Repositories

adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Language:C0 0 00
alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
Language:C++0 0 00
analyzeMFT
Language:Python0 0 00
Anti-Ransomware-minifilter
Language:C0 0 00
AntiHook_BitDefender
PoC designed to evade userland-hooking anti-virus.
Language:C0 0 00
WarFox
A proof-of-concept HTTPS beaconing Windows implant and multi-layered proxy C2 network designed for covert APT emulation engagements
Language:C++2 0 00

reiterjr's Repositories

reiterjr/adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Language:C0 0 00
reiterjr/alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
Language:C++0 0 00
reiterjr/Havoc
The Havoc Framework.
Language:Go00
reiterjr/Banshee-Rootkit
Experimental Windows x64 Kernel Rootkit.
reiterjr/Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
Language:C0 0
reiterjr/cookie-monster
BOF to steal browser cookies & credentials
reiterjr/CreateService_Win
File backup
Language:C++0 0
reiterjr/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Language:C0 0
reiterjr/EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
reiterjr/EDRSandblast
Language:C0 0
reiterjr/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Language:C0 0
reiterjr/Home-Grown-Red-Team
Language:Python0 0
reiterjr/Jigsaw
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
reiterjr/KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
reiterjr/lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
reiterjr/mimikatz
A little tool to play with Windows security
reiterjr/mmLoader
A library for loading dll module bypassing windows PE loader from memory (x86/x64)
reiterjr/no-defender
A slightly more fun way to disable windows defender. (through the WSC api)
reiterjr/NTFSObjectIDParser
Digital Forensic tool parsing the $ObjID index file and correlating it with the $MFT
Language:C++0 0
reiterjr/ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
Language:C++0 0
reiterjr/PE-LiteScan
A simple crossplatform heuristic PE-analyzer
reiterjr/PrivFu-getsysem
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Language:C#0 0
reiterjr/Reflective_PE_Loader
Program to load a PE inside memory on another process.
reiterjr/RexLdr
Rex Shellcode Loader for AV/EDR evasion
reiterjr/sliver-copy
Adversary Emulation Framework
reiterjr/String-Obfuscator
Guaranteed compile-time string literal obfuscation header-only library for C++14
reiterjr/thread_namecalling
reiterjr/Voidgate-scode-encryptor
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
reiterjr/websocketpp
C++ websocket client/server library
Language:C++0 0
reiterjr/Windows-self-delete
Language:C++0 0

reiterjr

Pinned Repositories

adversary_emulation_library

alpaca

analyzeMFT

Anti-Ransomware-minifilter

AntiHook_BitDefender

WarFox

reiterjr's Repositories

reiterjr/adversary_emulation_library

reiterjr/alpaca

reiterjr/Havoc

reiterjr/Banshee-Rootkit

reiterjr/Beacon_Source

reiterjr/cookie-monster

reiterjr/CreateService_Win

reiterjr/DEFCON-31-Syscalls-Workshop

reiterjr/EDRPrison

reiterjr/EDRSandblast

reiterjr/EDRSilencer

reiterjr/Home-Grown-Red-Team

reiterjr/Jigsaw

reiterjr/KasperskyHook

reiterjr/lsa-whisperer

reiterjr/mimikatz

reiterjr/mmLoader

reiterjr/no-defender

reiterjr/NTFSObjectIDParser

reiterjr/ntfstool

reiterjr/PE-LiteScan

reiterjr/PrivFu-getsysem

reiterjr/Reflective_PE_Loader

reiterjr/RexLdr

reiterjr/sliver-copy

reiterjr/String-Obfuscator

reiterjr/thread_namecalling

reiterjr/Voidgate-scode-encryptor

reiterjr/websocketpp

reiterjr/Windows-self-delete