Pinned Repositories
Dumpert
LSASS memory dumper using direct system calls and API unhooking.
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe).
InlineWhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF).
Net-GPPPassword
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
Presentations
Presentation material presented by Outflank team members at public events.
Ps-Tools
Ps-Tools, an advanced process monitoring toolkit for offensive operations.
Scripts
Small scripts that make life better.
TamperETW
PoC to demonstrate how CLR ETW events can be tampered.
WdToggle
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
stanhegt's Repositories
stanhegt doesn’t have any repository yet.