Pinned Repositories
AMSI-BYPASS
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
citrixphishlet
Citrix Phishlet
CortexCanary
Tooling related to discovery of Cortex XDR canary files to avoid
DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
EVA
FUD shellcode Injector
JWS_Tool
Burp Extension to modify headers and maintain JWS validity
NSGenCS
Extendable payload obfuscation and delivery framework
OAuthRenew
Burp Extension to auto renew OAuth bearer tokens. Can be adapted for any authorisation headers required for app testing
TokenImpersonator
Basic Token Impersonation Code
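The JWS_Tool entry above is about editing a token and keeping its signature valid. The following added example (not JWS_Tool's code, and independent of Burp) shows the underlying mechanism for a compact-serialized HS256 JWS: decode the three base64url segments, change header or payload claims, recompute the HMAC over the new signing input, and verify the result. It assumes the tester holds the HMAC key (for example a test-environment secret) and refuses anything other than HS256 so it cannot be misused to "re-sign" an asymmetric token with a symmetric key. The token and key used at the bottom are constructed for the example.

```python
"""Modify a compact HS256 JWS and re-sign it so it still validates.

Added example; not part of the JWS_Tool project. Only the symmetric HS256
case is handled, because re-signing an RS256/ES256 token needs the issuer's
private key.
"""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, Optional, Tuple


def b64url_encode(raw: bytes) -> str:
    """base64url without padding, as JWS requires (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding the token omits."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_jws(token: str) -> Tuple[Dict[str, Any], Dict[str, Any], bytes]:
    """Split header.payload.signature and decode the JSON parts."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)


def sign_hs256(header: Dict[str, Any], payload: Dict[str, Any], key: bytes) -> str:
    """Build a compact JWS: HMAC-SHA256 over 'b64(header).b64(payload)'."""
    if header.get("alg") != "HS256":
        raise ValueError("this helper only signs HS256 tokens")
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """Constant-time check of the signature segment against a fresh HMAC."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return False  # do not let an attacker-chosen alg pick the verifier
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(s))


def resign_with_changes(token: str, key: bytes,
                        payload_changes: Optional[Dict[str, Any]] = None,
                        header_changes: Optional[Dict[str, Any]] = None) -> str:
    """Apply claim/header edits to an existing token and re-sign it with `key`."""
    header, payload, _ = parse_jws(token)
    header = {**header, **(header_changes or {})}
    payload = {**payload, **(payload_changes or {})}
    return sign_hs256(header, payload, key)


if __name__ == "__main__":
    # Constructed key and token for demonstration only.
    demo_key = b"constructed-test-key"
    original = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "role": "user"}, demo_key)
    escalated = resign_with_changes(original, demo_key, payload_changes={"role": "admin"})
    print("original valid:", verify_hs256(original, demo_key))
    print("re-signed valid:", verify_hs256(escalated, demo_key))
    print("claims now:", parse_jws(escalated)[1])
```

The practical check this enables during an app test: if the server accepts `escalated`, the signing key is shared with (or guessable by) the client side; if it also accepts a token whose payload was edited without re-signing, the server is not verifying signatures at all.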
t3hbb's Repositories
t3hbb/NSGenCS
Extendable payload obfuscation and delivery framework
t3hbb/DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
t3hbb/OAuthRenew
Burp Extension to auto renew OAuth bearer tokens. Can be adapted for any authorisation headers required for app testing
t3hbb/CortexCanary
Tooling related to discovery of Cortex XDR canary files to avoid
t3hbb/AMSI-BYPASS
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
t3hbb/APT-Attack-Simulation
This repository is a compilation of APT simulations targeting many vital sectors, both private and governmental. The simulations include written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders and many other tools that attackers might have used in actual attacks; these tools and TTPs are simulated here.
t3hbb/CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess)
t3hbb/Codecepticon
.NET/PowerShell/VBA Offensive Security Obfuscator
t3hbb/COM-Hunter
COM Hijacking VOODOO
t3hbb/Coogle
A shot-for-shot remake of the Google Login Page.
t3hbb/DarkWidow
Indirect dynamic syscalls, SSN + syscall address sorting via a modified TartarusGate approach, remote process injection via APC Early Bird, spawns a sacrificial process as the target process, (ACG + BlockDll) mitigation policy on the spawned process, PPID spoofing, API resolving from the TIB, API hashing
t3hbb/DojoLoader
Generic PE loader for fast prototyping evasion techniques
t3hbb/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
t3hbb/EDRSandblast
t3hbb/FilelessPELoader
Loads a remote AES-encrypted PE into memory, decrypts it and runs it
t3hbb/Home-Grown-Red-Team
t3hbb/HTMLSmuggler
✉️ HTML Smuggling generator&obfuscator for your Red Team operations
t3hbb/ipv4Bypass
Using IPv6 to Bypass Security
t3hbb/Jomungand
Shellcode Loader with memory evasion
t3hbb/mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
t3hbb/Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
t3hbb/mortar
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
t3hbb/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
t3hbb/RflDllOb
Reflective DLL Injection - M++
t3hbb/SharpUnhooker
C# Based Universal API Unhooker
t3hbb/Shhhloader
Syscall Shellcode Loader (Work in Progress)
t3hbb/ShuckNT
ShuckNT is the script of the Shuck.sh online service for on-premise use. It is designed to downgrade, convert, dissect and shuck authentication tokens based on the Data Encryption Standard (DES).
t3hbb/Spartacus
Spartacus DLL/COM Hijacking Toolkit
t3hbb/ThreadlessInject
Threadless Process Injection using remote function hooking.
t3hbb/TokenRefresh
Token Refresh Tool
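The DefenderCheck entry above says it identifies the bytes Microsoft Defender flags on. The added example below (not DefenderCheck's own code) shows the standard bisection that makes this possible: treat the scanner as a black box that answers flagged/clean, find the shortest prefix of the file that is still flagged (the signature's end), then the latest start offset for which the slice is still flagged (its start). A constructed pattern matcher stands in for the engine so the example runs offline; a `defender_scan` hook that hands a temp file to `MpCmdRun.exe` is included for use on a Windows host, with the default install path assumed.

```python
"""Locate the byte range an AV signature fires on by bisecting the file.

Added example, not the DefenderCheck project's code. `Scanner` is any
callable returning True when the buffer is flagged; the real engine and a
constructed stand-in are both provided.
"""
import os
import subprocess
import tempfile
from typing import Callable, Optional, Tuple

Scanner = Callable[[bytes], bool]  # True when the scanner flags the buffer


def make_pattern_scanner(pattern: bytes) -> Scanner:
    """Constructed stand-in for the AV engine: flags any buffer containing `pattern`."""
    def scan(buf: bytes) -> bool:
        return pattern in buf
    return scan


def defender_scan(buf: bytes,
                  mpcmdrun: str = r"C:\Program Files\Windows Defender\MpCmdRun.exe") -> bool:
    """Scan a buffer with the local Defender engine (Windows only; not run offline).

    MpCmdRun returns exit code 2 when it finds a threat. -DisableRemediation keeps
    it from quarantining the temp file mid-bisection. The path is the default
    install location and is an assumption.
    """
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(buf)
        proc = subprocess.run(
            [mpcmdrun, "-Scan", "-ScanType", "3", "-File", path, "-DisableRemediation"],
            capture_output=True)
        return proc.returncode == 2
    finally:
        try:
            os.remove(path)
        except OSError:
            pass


def find_flagged_range(data: bytes, scan: Scanner) -> Optional[Tuple[int, int]]:
    """Return (start, end) of the flagged bytes, or None if `data` is clean.

    Both searches rely on monotonicity: if data[:n] is flagged, so is every
    longer prefix; if data[s:end] is flagged, so is every earlier start.
    """
    if not scan(data):
        return None

    # 1. Smallest flagged prefix. Invariant: data[:lo] clean, data[:hi] flagged.
    lo, hi = 0, len(data)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if scan(data[:mid]):
            hi = mid
        else:
            lo = mid
    end = hi

    # 2. Latest start that is still flagged. Invariant: data[lo:end] flagged,
    #    data[hi:end] clean (data[end:end] is empty, hence clean).
    lo, hi = 0, end
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if scan(data[mid:end]):
            lo = mid
        else:
            hi = mid
    return lo, end


def flagged_bytes(data: bytes, scan: Scanner) -> Optional[bytes]:
    """Convenience wrapper: the exact bytes the scanner fires on."""
    rng = find_flagged_range(data, scan)
    return None if rng is None else data[rng[0]:rng[1]]


if __name__ == "__main__":
    # Constructed sample: filler around a fake "signature".
    sample = b"\x90" * 100 + b"EVIL_SIG" + b"\xcc" * 50
    scanner = make_pattern_scanner(b"EVIL_SIG")
    rng = find_flagged_range(sample, scanner)
    print("flagged range:", rng, "bytes:", flagged_bytes(sample, scanner))
    # On Windows, swap in the real engine: find_flagged_range(sample, defender_scan)
```

Caveat a practitioner should keep in mind: the bisection assumes the detection is one contiguous byte match. A file can be flagged by several signatures or by emulation, in which case `data[:mid]` is not monotone and the search returns one hit among several; patch the reported bytes and rerun until the whole file scans clean.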