Ceri Coburn's repositories
SweetPotato
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
SharpBlock
A method of bypassing EDR's active projection DLL's by preventing entry point exection
ThreadlessInject
Threadless Process Injection using remote function hooking.
MirrorDump
Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
okta-terrify
Okta Verify and Okta FastPass Abuse Tool
MinHook.NET
A C# port of the MinHook API hooking library
gssapi-abuse
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
nodebb-plugin-onesignal
Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet
sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
SharpHoundCommon
Common library used by SharpHound.