TheWover's repositories

donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Language: C | License: BSD-3-Clause | Stargazers: 3180 | Issues: 81 | Issues: 96

DInvoke

Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.

Language: C# | License: MIT | Stargazers: 633 | Issues: 14 | Issues: 19

CertStealer

A .NET tool for exporting and importing certificates without touching disk.

Language: C# | License: MIT | Stargazers: 463 | Issues: 15 | Issues: 0

GhostLoader

GhostLoader - AppDomainManager - Injection - Ghost in the Shell

Language: C# | Stargazers: 140 | Issues: 4 | Issues: 0

TheWover.github.io

Blog. Watch the repo to subscribe

Language: SCSS | License: MIT | Stargazers: 5 | Issues: 3 | Issues: 0

DLLHijackTest

DLL and PowerShell script to assist with finding DLL hijacks

Language: PowerShell | Stargazers: 4 | Issues: 1 | Issues: 0

AllTheThingsExec

Executes Blended Managed/Unmanaged Exports

Language: C# | License: BSD-3-Clause | Stargazers: 2 | Issues: 1 | Issues: 0

Ghost-In-The-Logs

Evade Sysmon and Windows event logging

Language: C | License: MIT | Stargazers: 2 | Issues: 1 | Issues: 0

StandIn

StandIn is a small .NET35/45 AD post-exploitation toolkit

Language: C# | Stargazers: 2 | Issues: 1 | Issues: 0

community-threats

The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday

Language: PowerShell | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

Empire

Empire is a PowerShell and Python 3.x post-exploitation framework.

Language: PowerShell | License: BSD-3-Clause | Stargazers: 1 | Issues: 1 | Issues: 0

endgame

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

Language: Python | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Language: C++ | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

JNDI-Exploit-Kit

JNDI-Exploitation-Kit (A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit Java web apps vulnerable to JNDI Injection)

Language: Java | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).

Language: C# | Stargazers: 1 | Issues: 0 | Issues: 0

Lunar

A lightweight native DLL mapping library that supports mapping directly from memory

Language: C# | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

masm_shc

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

Language: C++ | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

SharpKatz

Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands

Language: C# | Stargazers: 1 | Issues: 1 | Issues: 0

SharpSploit

SharpSploit is a .NET post-exploitation library written in C#

Language: C# | License: BSD-3-Clause | Stargazers: 1 | Issues: 2 | Issues: 0

winget-cli

Windows Package Manager CLI (aka winget)

Language: C++ | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

compound-actions

Compound Actions align with MITRE ATT&CK TTPs at the procedure level.

Language: Python | Stargazers: 0 | Issues: 1 | Issues: 0

community-modules

A place to share SCYTHE modules with the community.

Language: Python | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

DotNetInjections

Loading Assemblies Into Processes, the All Natural Organic way

License: BSD-3-Clause | Stargazers: 0 | Issues: 0 | Issues: 0

DynamicWrapperDotNet

Dynamically Loads Assembly and Calls Methods from JScript

Language: C# | License: BSD-3-Clause | Stargazers: 0 | Issues: 0 | Issues: 0

faxhell

A Bind Shell Using the Fax Service and a DLL Hijack

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

Koppeling

Adaptive DLL hijacking / dynamic export forwarding

Language: C++ | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0
Language: C | Stargazers: 0 | Issues: 1 | Issues: 0
Language: YARA | Stargazers: 0 | Issues: 1 | Issues: 0

sandcat

A CALDERA plugin

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

winget-pkgs-redteam

The Microsoft community Windows Package Manager manifest repository

Language: PowerShell | License: MIT | Stargazers: 0 | Issues: 2 | Issues: 0