Pinned Repositories
AutoGen
Automatically generate MSFT Detours registration and interception functions
cve-2019-11477-poc
drawbridge
Research repository. Don't use anything here for a serious purpose.
Security-Assessment
Scripts to automate some part of Security/Vulnerability Assessment
TL-FRAUD
A collection of fraud related tools for research.
ViolentFungus-C2
Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff. WIP.
wiggle
A concept self-hosted executable binary search engine
sasqwatch's Repositories
sasqwatch/Advanced_RAT2
C++ RAT
sasqwatch/AndroSpy
An Android RAT written in C# by me
sasqwatch/CertStealer
A .NET tool for exporting and importing certificates without touching disk.
sasqwatch/community-threats
The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
sasqwatch/cornershot
Amplify network visibility from multiple POV of other hosts
sasqwatch/CovenantTasks
Source for tasks I have used with Covenant
sasqwatch/dnLauncher
sasqwatch/ExecuteAssembly
Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).
sasqwatch/Farmer
sasqwatch/Fully-Undetectable-Techniques
sasqwatch/LogDetectionLab
Vagrant AD Lab builder for log-based detection research and development
sasqwatch/masqueradeCmdline
A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.
sasqwatch/MicroBackdoor
Small and convenient C2 tool for Windows targets
sasqwatch/PE_Toy
sasqwatch/polrbear
The PoLRBear Project
sasqwatch/RunPE-In-Memory
Run an Exe File (PE Module) in memory (like an Application Loader)
sasqwatch/S2AN
Sigma2AttackNet - Mapper of Sigma Rules ➡️ MITRE ATT&CK
sasqwatch/sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
sasqwatch/SecretScanner
Find secrets and passwords in container images and file systems
sasqwatch/serpentine
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
sasqwatch/sharpwmi-1
sharpwmi is an RPC-based lateral movement tool with file upload and command execution capabilities.
sasqwatch/Sim
C# User Simulation
sasqwatch/SpoolSploit
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
sasqwatch/StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
sasqwatch/winchecksec
Checksec, but for Windows: static detection of security mitigations in executables
sasqwatch/wowGrail
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
sasqwatch/wowInjector
PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
sasqwatch/Xenos
Windows dll injector
sasqwatch/xlsGen
(PoC) Tiny Excel BIFF8 Generator, to embed 4.0 Macros in xls files without Excel.
sasqwatch/xorstr
Heavily vectorized C++17 compile-time string encryption.