Pinned Repositories
AutoGen
Automatically generate MSFT Detours registration and interception functions
cve-2019-11477-poc
drawbridge
Research repository. Don't use anything here for a serious purpose.
Exploits-5
TL-FRAUD
A collection of fraud related tools for research.
wiggle
The concept self-hosted executable binary search engine
sasqwatch's Repositories
sasqwatch/BadWindowsService
An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
sasqwatch/bota
sasqwatch/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
sasqwatch/ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
sasqwatch/GwisinMsi
PoC MSI payload based on ASEC/AhnLab's blog post
sasqwatch/KittyStager
KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kittens and be able to use them with any shellcode.
sasqwatch/LogEnable
Enabling Windows Event logging
sasqwatch/NimPackt-v1
Nim-based assembly packer and shellcode loader for opsec & profit
sasqwatch/PersistAssist
Fully modular persistence framework
sasqwatch/PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
sasqwatch/processhacker
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
sasqwatch/ProcMonXv2
Process Monitor X v2
sasqwatch/Purpleteam
Purpleteam scripts - trigger events for SOC detections
sasqwatch/RedGuard
RedGuard is a C2 front flow control tool that can avoid Blue Team, AV, and EDR checks.
sasqwatch/reinschauer
sasqwatch/RoastInTheMiddle
sasqwatch/Sandbox_Scryer
sasqwatch/Sealighter
Sysmon-Like research tool for ETW
sasqwatch/SealighterTI
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
sasqwatch/Shhhloader
Syscall Shellcode Loader (Work in Progress)
sasqwatch/sliver
Implant framework
sasqwatch/SpyGuard
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
sasqwatch/Striker
A Command and Control (C2)
sasqwatch/subcrawl
SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.
sasqwatch/TangledWinExec
C# PoCs for investigation of Windows process execution techniques
sasqwatch/Venom-1
Venom is a library that is meant to perform evasive communication using a stolen browser socket
sasqwatch/viper
Go configuration with fangs
sasqwatch/W0wS3cur1tyEDR
An EDR-like program that hooks some syscalls
sasqwatch/WonkaVision
sasqwatch/Yaraedr
Here is our new tool YARA_EDR. Well, it's not a full-fledged EDR, but it can be called a small part of an EDR that accurately detects malware executing in your environment. The tool is a wrapper around the yara binary for Windows. It relies on the memory scanning capabilities and scans the virtual memory of all the processes on a system to identify malwa