Pinned Repositories
A-Red-Teamer-diaries
Red teaming/pentesting notes and experiments for real-world engagements
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AD-Attack-Defense
Active Directory Security For Red & Blue Team
Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
ADCSKiller
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
ADCSPwn
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
RedTeamSetup
virgilcj's Repositories
virgilcj/RedTeamSetup
virgilcj/BobTheSmuggler
"Bob the Smuggler": A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into 7z/zip format, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (image polyglots).
virgilcj/Client-Checker
virgilcj/codasm
Payload encoding utility to effectively lower payload entropy.
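The line above names the heuristic that most "payload encoding" tools exist to defeat: detection rules that flag high Shannon entropy as a sign of packed or encrypted content. The following is an added example, not code from codasm or from any other project in this list; it measures the entropy of a constructed pseudo-random blob standing in for an encrypted payload, re-encodes it with an assumed, illustrative scheme (each nibble spelled as a NATO-alphabet word), and shows how far the entropy drops and what the encoding costs in size.

```python
import math
import random
from collections import Counter

# 16-word alphabet used to spell out nibbles. This is an assumed, illustrative
# scheme for the example, not the encoding codasm actually uses.
NIBBLE_WORDS = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
                "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa"]
WORD_TO_NIBBLE = {w: i for i, w in enumerate(NIBBLE_WORDS)}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def constructed_payload(length: int = 4096, seed: int = 1337) -> bytes:
    """Constructed sample input: seeded pseudo-random bytes standing in for an encrypted or packed payload."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def encode_low_entropy(data: bytes) -> bytes:
    """Spell every nibble as a word; the output is ASCII text whose symbol distribution is far from uniform."""
    words = []
    for b in data:
        words.append(NIBBLE_WORDS[b >> 4])
        words.append(NIBBLE_WORDS[b & 0x0F])
    return " ".join(words).encode("ascii")


def decode_low_entropy(text: bytes) -> bytes:
    """Inverse of encode_low_entropy: consume words two at a time and rebuild each byte."""
    nibbles = [WORD_TO_NIBBLE[w] for w in text.decode("ascii").split()]
    if len(nibbles) % 2:
        raise ValueError("odd number of nibbles; input is truncated or was not produced by encode_low_entropy")
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def compare(data: bytes) -> dict:
    """Entropy before and after encoding, plus the size expansion the encoding pays for the lower entropy."""
    encoded = encode_low_entropy(data)
    return {
        "raw_entropy": shannon_entropy(data),
        "encoded_entropy": shannon_entropy(encoded),
        "expansion_ratio": (len(encoded) / len(data)) if data else 0.0,
        "roundtrip_ok": decode_low_entropy(encoded) == data,
    }


if __name__ == "__main__":
    for name, value in compare(constructed_payload()).items():
        print(f"{name}: {value}")
```

The raw blob sits close to the 8 bits/byte ceiling, the word-encoded form lands well under 5 bits/byte, and the payload round-trips exactly. The price is a roughly twelvefold size increase and a suspiciously restricted alphabet, which is the defender's lesson: an entropy threshold on its own is easy to slip under, so pair it with size-to-content ratios, alphabet checks on embedded blobs, and behavioural signals from whatever decodes the payload at run time.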
virgilcj/convoC2
C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.
virgilcj/CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
virgilcj/DojoLoader
Generic PE loader for fast prototyping evasion techniques
virgilcj/EntraEnum
EntraEnum is a PowerShell-based tool designed for enumerating and interacting with Azure Active Directory (Entra ID) environments, with support for device code phishing, token management, and enumeration features.
virgilcj/evil-winrm
The ultimate WinRM shell for hacking/pentesting
virgilcj/Freeway
WiFi Penetration Testing & Auditing Tool
virgilcj/frida-interception-and-unpinning
Frida scripts to directly MitM all HTTPS traffic from a target mobile application
virgilcj/FullBypass
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to DM if you find some bugs :)
virgilcj/garble
Obfuscate Go builds
virgilcj/Ghost
Evasive shellcode loader
virgilcj/impacketdacl
Impacket is a collection of Python classes for working with network protocols.
virgilcj/InflativeLoading
Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
virgilcj/jar-analyzer
Jar Analyzer - a JAR package analysis tool: SCA vulnerability analysis, batch analysis of JAR packages, method call relationship search, string search, Spring component analysis, CFG program analysis, JVM stack frame analysis, advanced expression search, bytecode instruction-level dynamic debugging and analysis, one-click export of decompiled JAR packages, one-click extraction of malicious code from serialized data
virgilcj/LeakedWallpaper
Leak of any user's NetNTLM hash. Fixed in KB5040434
virgilcj/LsassReflectDumping
This tool leverages the process forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it uses MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process.
virgilcj/Maestro
Abusing Intune for Lateral Movement over C2
virgilcj/MMSF
Massive Mobile Security Framework
virgilcj/mortar
Evasion technique to defeat and divert detection and prevention by security products (AV/EDR/XDR)
virgilcj/MSC_Dropper
virgilcj/NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
virgilcj/Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim.
virgilcj/PowerShell-AD-Script
PowerShell Scripts for Enumeration on AD and Local Hosts
virgilcj/PublicTools
virgilcj/RustiveDump
LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.
virgilcj/Wifi-Forge
WifiForge is a tool developed by Black Hills InfoSec to help train Pentesters on different Wi-Fi attack vectors and Wireless capabilities.
virgilcj/WiFiChallengeLab-docker
Virtualized WiFi pentesting laboratory without the need for physical WiFi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability. Ubuntu virtual machine with virtualized networks and clients to perform WiFi attacks on OPN, WPA2, WPA3 and Enterprise networks.