reiterjr
SANS SEC670 Author/Instructor, SANS SEC770 Author (soon to be), SANS SEC870 Author (soon to be)
Pinned Repositories
adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
analyzeMFT
Anti-Ransomware-minifilter
AntiHook_BitDefender
PoC designed to evade userland-hooking anti-virus.
WarFox
A proof-of-concept HTTPS beaconing Windows implant and multi-layered proxy C2 network designed for covert APT emulation engagements
reiterjr's Repositories
reiterjr/adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
reiterjr/alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
reiterjr/Havoc
The Havoc Framework.
reiterjr/Banshee-Rootkit
Experimental Windows x64 Kernel Rootkit.
reiterjr/Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
reiterjr/cookie-monster
BOF to steal browser cookies & credentials
reiterjr/CreateService_Win
File backup
reiterjr/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
reiterjr/EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
reiterjr/EDRSandblast
reiterjr/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
reiterjr/Home-Grown-Red-Team
reiterjr/Jigsaw
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
reiterjr/KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
reiterjr/lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
reiterjr/mimikatz
A little tool to play with Windows security
reiterjr/mmLoader
A library for loading a DLL module from memory, bypassing the Windows PE loader (x86/x64)
reiterjr/no-defender
A slightly more fun way to disable Windows Defender (through the WSC API).
reiterjr/NTFSObjectIDParser
Digital Forensic tool parsing the $ObjID index file and correlating it with the $MFT
reiterjr/ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
reiterjr/PE-LiteScan
A simple cross-platform heuristic PE analyzer
reiterjr/PrivFu-getsysem
Kernel mode WinDbg extension and PoCs for token privilege investigation.
reiterjr/Reflective_PE_Loader
Program to load a PE into the memory of another process.
reiterjr/RexLdr
Rex Shellcode Loader for AV/EDR evasion
reiterjr/sliver-copy
Adversary Emulation Framework
reiterjr/String-Obfuscator
Guaranteed compile-time string literal obfuscation header-only library for C++14
reiterjr/thread_namecalling
reiterjr/Voidgate-scode-encryptor
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
reiterjr/websocketpp
C++ websocket client/server library
reiterjr/Windows-self-delete