stanhegt

Pinned Repositories

• Dumpert

  LSASS memory dumper using direct system calls and API unhooking.

  Language:C1.5k365243

• EvilClippy

  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

  Language:C#2.1k9146395

• Excel4-DCOM

  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)

  Language:PowerShell32128075

• InlineWhispers

  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)

  Language:Assembly30715141

• Net-GPPPassword

  .NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.

  Language:C#16411036

• Presentations

  Presentation material presented by Outflank team members at public events.

  17822034

• Ps-Tools

  Ps-Tools, an advanced process monitoring toolkit for offensive operations

  Language:C32923183

• Scripts

  Small scripts that make life better

  Language:JavaScript29017475

• TamperETW

  PoC to demonstrate how CLR ETW events can be tampered.

  Language:C18512033

• WdToggle

  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.

  21314331

stanhegt's Repositories