TheWover's repositories
CertStealer
A .NET tool for exporting and importing certificates without touching disk.
GhostLoader
GhostLoader - AppDomainManager - Injection - 攻壳机动队
TheWover.github.io
Blog. Watch the repo to subscribe
DLLHijackTest
DLL and PowerShell script to assist with finding DLL hijacks
AllTheThingsExec
Executes Blended Managed/Unmanged Exports
Ghost-In-The-Logs
Evade sysmon and windows event logging
community-threats
The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday
herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
winget-cli
Windows Package Manager CLI (aka winget)
compound-actions
Compound Actions align with MITRE ATT&CK TTPs at the procedure level.
community-modules
A place to share SCYTHE modules with the community.
DotNetInjections
Loading Assemblies Into Processes, the All Natural Organic way
DynamicWrapperDotNet
Dynamically Loads Assembly and Calls Methods from JScript
winget-pkgs-redteam
The Microsoft community Windows Package Manager manifest repository