InvokeThreatGuy's repositories
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
mitmproxy2swagger
Automagically reverse-engineer REST APIs via capturing traffic
Penetration-Testing-Tools
A collection of more than 170 tools, scripts, cheatsheets and other loot that I have developed over the years for Red Teaming/Pentesting/IT Security audit purposes. Most of them came in handy on at least one of my real-world engagements.
AddressOfEntryPoint_Hijack_CSharp
Shellcode injection or execution via AddressOfEntryPoint hijack.
Apihashes
IDA Pro plugin for recognizing known hashes of API function names
chainsaw
Rapidly Search and Hunt through Windows Event Logs
Coercer
A Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 9 methods.
CreateThreadpoolWait_ShellcodeExecution_CSharp
Shellcode execution via CreateThreadpoolWait in C#
cuddlephish
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
Ekko
Sleep Obfuscation
Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
IoRingReadWritePrimitive
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11
Koh
The Token Stealer
kql-for-dfir
A guide to using Azure Data Explorer and KQL for DFIR
KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
msFlagsDecoder
Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit for red teams.
NlsCodeInjectionThroughRegistry
DLL injection through code page ID modification in the registry. Based on Jonas Lykk's research.
Office365
Office 365 scripts and information
PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
PowerHunt
PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection at scale.
RedEye
RedEye is a visual analytic tool supporting Red & Blue Team operations
Reverse-Engineering
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
SwiftInMemoryLoading
Swift implementation of in-memory Mach-O loading on macOS
wifipumpkin3
Powerful framework for rogue access point attacks.
WizardOpium
Google Chrome Use After Free
wtf
wtf is a distributed, code-coverage-guided, customizable, cross-platform, snapshot-based fuzzer designed for attacking user- and/or kernel-mode targets running on Microsoft Windows.