Robert Wilson's repositories
IORI_Loader
UUID shellcode loader with a dynamic indirect syscall implementation: syscall numbers/instructions are resolved dynamically at runtime and unhooked using the Halosgate technique. Function addresses are resolved from the PEB by offsets and comparison by hashes.
AtomPePacker
A highly capable PE packer
awesome-flipperzero
🐬 A collection of awesome resources for the Flipper Zero device.
cmstplua-uac-bypass
Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.
dissect.cobaltstrike
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
DragonCastle
A PoC that combines the AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from the LSASS process.
DriverNoImage
Injects shellcode into other drivers for execution to evade driver signature checks; once used in a PUBG project... of course, nowadays...
EDD
Enumerate Domain Data
exe_who
Executables on Disk? Bleh 🤮
ExecRemoteAssembly
Execute Remote Assembly with args passing and with AMSI and ETW patching
Firefox-WebInject
Firefox webInjector capable of injecting code into webpages using a mitmproxy.
geacon_pro
A cross-platform rewrite of the Cobaltstrike Beacon that supports most Beacon functionality; its behavior evades mainstream antivirus products in China. Supports version 4.1 and above.
llvm-msvc-build
Build llvm-msvc
MCP-PoC
Minifilter Callback Patching Proof-of-Concept
NoRunPI
Run Your Payload Without Running Your Payload
PassTheCert
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
RedEye
RedEye is a visual analytic tool supporting Red & Blue Team operations
ScreenshotBOF
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
ShadowSpray
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
Spartacus
Spartacus DLL Hijacking Discovery Tool
SSN_Resolver
Dynamically resolves the System Service Number (syscall number) by offsets from the PEB with API hashing
TerraLdr
A Payload Loader Designed With Advanced Evasion Features
vba2clr
Running .NET from VBA
WAMBam
Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post