JoeyVerleg's starred repositories
edr-artifacts
This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities.
Hunting-Queries-Detection-Rules
KQL Queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Demystifying-KQL
Content Repo for Demystifying KQL Tutorial Series
sccm-http-looter
Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)
ShadowSpray
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
Invoke-SessionHunter
Retrieve and display information about active user sessions on remote computers. No admin privileges required.
DefenderYara
Extracted Yara rules from Windows Defender mpavbase and mpasbase
Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Cortex-XDR-Config-Extractor
Cortex XDR Config Extractor
bof-collection
Collection of Beacon Object Files (BOF) for Cobalt Strike
BHCEupload
A small Go tool to upload JSON files to the BloodHound Community Edition API
ShredHound
Small utility to chunk up a large BloodHound JSON file into smaller files for importing.
No-Consolation
A BOF that runs unmanaged PEs inline
PoolPartyBof
A Beacon Object File implementation of the PoolParty process injection technique.
ChromeKatz
Dump cookies and credentials directly from Chrome/Edge process memory
GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
frameless-bitb
A new approach to Browser In The Browser (BITB) without the use of iframes. It bypasses traditional framebusters implemented by login pages such as Microsoft's and can be used together with Evilginx.
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
PKINITtools
Tools for Kerberos PKINIT and relaying to AD CS
gssapi-abuse
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
Kerbeus-BOF
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
NerfDefender
BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
maliciousCodeMatchingMFA
A small executable that tricks a user into authenticating using code-matching MFA