bhassani's repositories
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
CheeseTools
Self-developed tools for Lateral Movement/Code Execution
CobaltStrikeScan
Scan files or process memory for CobaltStrike beacons and parse their configuration
CVE-2020-1472_ZeroLogonChecker
C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon
CVE-2021-1675
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
CVE-2021-36934
C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM
DeployPrinterNightmare
C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
DLLHijackingScanner
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
EfsPotato
Exploit for EfsPotato (MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privilege escalation vulnerability).
GetInjectedThreads
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
goDomain
LDAP information-gathering tool for Windows Active Directory
GoPEInjection
Golang PE injection on Windows
HOLLOW
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode
Huan
Encrypted PE Loader Generator
inceptor
Template-Driven AV/EDR Evasion Framework
Injector
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows
OSEP-Code-Snippets
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
SharpCGHunter
Receive the status of Windows Defender Credential Guard on network hosts.
SharpGPO
A Red Team tool for remotely manipulating Group Policy Objects (GPO), Organizational Units (OU), GPLinks and Security Filtering
SharpNamedPipePTH
Pass the Hash to a named pipe for token Impersonation
SharpZeroLogon
Zerologon Exploiter I used on Cobalt Strike
SysWhispers
AV/EDR evasion via direct system calls.
Windows-Non-Paged-Pool-Overflow-Exploitation
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow
winx64-InjectAllProcessesMeterpreter-Shellcode
64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.