JohnLaTwC

Shared

Shared Blogs and Notebooks

Mandiant-Azure-AD-Investigator

XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

CS-Remote-OPs-BOF

pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

SharpUp

SharpUp is a C# port of various PowerUp functionality.

CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files

CustomKeyboardLayoutPersistence

Achieve execution using a custom keyboard layout

DarkLoadLibrary

LoadLibrary for offensive operations

DidierStevensSuite

Please no pull requests for this repository. Thanks!

DLL-Hijack-Search-Order-BOF

DLL Hijack Search Order Enumeration BOF

DocPlz

Documents Exfiltration project for fun and educational purposes

DrvMon

Advanced driver monitoring utility.

EDRSandblast

Firewall_Walker_BOF

A BOF to interact with COM objects associated with the Windows software firewall.

InlineExecute-Assembly

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

permhash

PPLdump

Dump the memory of a PPL with a userland exploit

PSBits

Simple (relatively) things allowing you to dig a bit deeper than usual.

Raccine

A Simple Ransomware Vaccine

rpcfirewall

SharpC2

Command and Control Framework written in C#.

SharpSCCM

A C# utility for interacting with SCCM

signature-base

Signature base for my scanner tools

speakeasy

Windows kernel and user mode emulation.

sunburst_countermeasures

TaskManagerBitmap

Displays a bitmap on Task Manager's CPU activity view. For systems with > 64 CPUs.

WinRpcFunctions

xPipe

Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions