Hagrid29's repositories
DuplicateDump
Dumping LSASS with a duplicated handle from custom LSA plugin
RemotePatcher
Patch AMSI and ETW in remote process via direct syscall
AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
BOF-SprayAD
Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform Kerberos-based password spray
herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
BOF-DCOMPotato-PrintNotify
Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object to a DCOM call of PrintNotify.
DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts Azure AD Connect credentials to AD and Azure AD from the AAD Connect database.
CertifyKit
Active Directory certificate abuse
BOF-CredUI
Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
BOF-RemoteRegSave
Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on a remote computer
DumpAADUserRPT
DumpAADUserRPT is a C# implementation of Get-AADIntUserPRTToken from AADInternals which obtains the Primary Refresh Token
ForeScout-SecureConnector-EoP
Arbitrary File Delete in Forescout SecureConnector before 11.3.06.0063
ReadWrite-DCOM
Perform directory listing, read and write files on a remote computer via DCOM methods