seahop
Red Teamer. Just out here creating some simple PoCs for red teamy things. Amateur coder. No best practices here.
United States
Pinned Repositories
CPP_XOR
getPIDIntegrity
Injection
mimiRust
All credits to: github.com/ThottySploity/mimiRust (the original author deleted their account, so I uploaded it for community use)
patchETW
Function to patch ETW with syscalls
RemoteProcDLLInject
RemoteShellcodeInjection_XOR
SyscallProcScan
Syscall process scanner
titan
Titan: A generic user defined reflective DLL for Cobalt Strike
seahop's Repositories
seahop/AMSI-ETW-Patch
Patch AMSI and ETW
seahop/Awesome_Malware_Techniques
A repository of resources about malware techniques
seahop/CVE-2022-33679
1-day PoC based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
seahop/TerraLdr
A Payload Loader Designed With Advanced Evasion Features
seahop/ErebusGate
ErebusGate for Nim: bypass AV/EDR
seahop/WinDbg_Scripts
Useful scripts for WinDbg using the debugger data model
seahop/ScreenshotBOF
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
seahop/NoRunPI
Run Your Payload Without Running Your Payload
seahop/SideLoadingDLL
seahop/KnownDllUnhook
Replace the .text section of the currently loaded modules with the clean copies from \KnownDlls\ to bypass EDRs
seahop/mordor-rs
Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library
seahop/fuzz.txt
Potentially dangerous files
seahop/nanorobeus
COFF file (BOF) for managing Kerberos tickets.
seahop/Win32_Offensive_Cheatsheet
Win32 and Kernel abusing techniques for pentesters
seahop/Kernelhub
Kernel privilege escalation vulnerability collection, with compilation environment, demo GIFs, vulnerability details and executable files (collection of privilege escalation vulnerabilities)
seahop/CodeCave
A bunch of scripts and code I wrote.
seahop/AtomicSyscall
Tools and PoCs for Windows syscall investigation.
seahop/PersistBOF
seahop/SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
seahop/KrbRelay
Framework for Kerberos relaying
seahop/InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
seahop/FunctionStomping
A new shellcode injection technique. Given as C++ header or standalone Rust program.
seahop/HOLLOW
EarlyBird process hollowing technique (BOF): spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode
seahop/process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
seahop/PrivescCheck
Privilege Escalation Enumeration Script for Windows
seahop/PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
seahop/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
seahop/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
seahop/pypykatz
Mimikatz implementation in pure Python
seahop/minidump
Python library to parse and read Microsoft minidump file format