KyleEvers

awsips

Daily Cron Script the grabs, parses, and outputs the IP addresses and CIDR blocks used for AWS/Cloudfront

DomainInvestigator

Generates the corresponding IP(s), registrant information, country, and existence of a CDN/Load Balancer given a domain or list of domains

ShodanCIDRQuery

Query Shodan for a given CIDR range(s) saving the raw output or explicitly get Open Ports, Hostnames, and CVEs/Vulns

APIHashReplace

Repository for API Hashing script detailed in the Huntress Blog

AtomicSyscall

Tools and PoCs for Windows syscall investigation.

BAADTokenBroker

badger-builder

badger-builder is an AI-assisted tool for generating dynamic Brute Ratel C4 profiles

CertCrawler

This script utilizes cert transparency logs to identify subdomains, identify if they are live, and identify the corresponding organizational ownership

SharpCollection

Daily builds of common C# offensive tools, built via Github actions

blom_key_distribution

Implementation of Blom's Key Distribution in Golang

bofhound

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

changeling

Change up a binary's embedded resources with this little creature.

Codecepticon

COFFLoader

DInjector

Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL

GraphStrike

Cobalt Strike HTTPS beaconing over Microsoft Graph API

HardHatC2

A c# Command & Control framework

Havoc

The Havoc Framework.

kyleevers.github.io

Ludus

Ludus is a system to build easy to use cyber environments, or "ranges" for testing and development.

ObfLoader

MAC, IPv4, UUID shellcode Loaders and Obfuscators to obfuscate the shellcode and using some native API to converts it to it binary format and loads it.

SharpC2

Command and Control Framework written in C#

SharpCollection-1

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

SharpHound4Cobalt

C# Data Collector for BloodHound with CobaltStrike integration (BOF.NET)

SharpUnhooker

C# Based Universal API Unhooker

SOAPHound

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

SourcePoint

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Spartacus

Spartacus DLL/COM Hijacking Toolkit

TangledWinExec

C# PoCs for investigation of Windows process execution techniques

XorStringsNET

Easy XOR string encryption for NET based binaries