Pinned Repositories
adPEAS
PowerShell tool to automate Active Directory enumeration.
BadAssMacros
BadAssMacros - C# based automated Malicious Macro Generator.
birdnet-poc
Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
BloodHound
Six Degrees of Domain Admin
BloodHound.py
A Python based ingestor for BloodHound
bypass-clm
PowerShell Constrained Language Mode Bypass
Certipy
Tool for Active Directory Certificate Services enumeration and abuse
Coercer
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session
swzhouu's Repositories
swzhouu/birdnet-poc
Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
swzhouu/BloodHound
Six Degrees of Domain Admin
swzhouu/BloodHound.py
A Python based ingestor for BloodHound
swzhouu/Certipy
Tool for Active Directory Certificate Services enumeration and abuse
swzhouu/CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session
swzhouu/CVE-2020-26733
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 Cross Site Scripting (XSS) Vulnerability
swzhouu/CVE-2020-27368
TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability
swzhouu/CVE-2022-48311
HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B HTTP configuration page Cross Site Scripting (XSS) Vulnerability
swzhouu/D1rkLrd
Shellcode Loader with Indirect Dynamic syscall Implementation, shellcode in MAC format, API resolving from PEB, Syscall call and syscall instruction address resolving at run time
swzhouu/DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings).
swzhouu/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
swzhouu/FilelessPELoader
Loading Remote AES Encrypted PE in memory, decrypting it and running it
swzhouu/gMSADumper
Lists who can read any gMSA password blobs and parses them if the current user has access.
swzhouu/impacket
Impacket is a collection of Python classes for working with network protocols.
swzhouu/mimikatz
A little tool to play with Windows security
swzhouu/noPac
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
swzhouu/NtCall64
Windows NT x64 syscall fuzzer
swzhouu/oleviewdotnet
A .NET OLE/COM viewer and inspector to merge functionality of OleView and Test Container
swzhouu/onedrive_user_enum
OneDrive user enumeration - pentest tool to enumerate valid O365 users
swzhouu/OSEP-Code-Snippets
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
swzhouu/PatchlessCLRLoader
.NET assembly loader with patchless AMSI and ETW bypass
swzhouu/PE-Obfuscator
PE obfuscator with Evasion in mind
swzhouu/PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
swzhouu/pywhisker
Python version of the C# tool for "Shadow Credentials" attacks
swzhouu/RpcView
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
swzhouu/Rubeus
Trying to tame the three-headed dog.
swzhouu/SharpHound
C# Data Collector for BloodHound
swzhouu/SigmaPotato
SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
swzhouu/SyscallTables
Windows NT x64 Syscall tables
swzhouu/winafl
A fork of AFL for fuzzing Windows binaries