InvokeThreatGuy (invokethreatguy)

invokethreatguy

Location: Toronto

InvokeThreatGuy's repositories

DefenderSwitch

Stop Windows Defender using the Win32 API

Stargazers: 1 | Issues: 0

GoodHound

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

Language: Python | Stargazers: 1 | Issues: 0

PrivFu

Kernel mode WinDbg extension and PoCs for token privilege investigation.

License: BSD-3-Clause | Stargazers: 1 | Issues: 0

AmsiHooker

Hookers are cooler than patches.

Stargazers: 0 | Issues: 0

beacon-fronting

A simple command line program to help defenders test their detections for network beacon patterns and domain fronting.

License: MIT | Stargazers: 0 | Issues: 0

CSOps

Utility to manipulate code-signed applications in Mac OS X. Demonstrates the use of the csops system call.

Stargazers: 0 | Issues: 0

CVE-2022-21882

win32k LPE

Stargazers: 0 | Issues: 0

d3-flame-graph

A D3.js plugin that produces flame graphs from hierarchical data.

License: Apache-2.0 | Stargazers: 0 | Issues: 0

DefenderStop

Stop Defender Service using C# via Token Impersonation

Stargazers: 0 | Issues: 0

ese-analyst

A set of tools for forensic analysis of Microsoft ESE databases.

Stargazers: 0 | Issues: 0

Fennec

Artifact collection tool for *nix systems

License: Apache-2.0 | Stargazers: 0 | Issues: 0

Fido

A PowerShell script to download Windows ISOs or the UEFI Shell

License: GPL-3.0 | Stargazers: 0 | Issues: 0

FunctionStomping

A new shellcode injection technique, provided as a C++ header or a standalone Rust program.

License: BSD-2-Clause | Stargazers: 0 | Issues: 0

m0yv

infector

Stargazers: 0 | Issues: 0

manual-syscall-detect

A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

License: MIT | Stargazers: 0 | Issues: 0

mitnal

Twitter client for UEFI

License: MIT | Stargazers: 0 | Issues: 0

NimGetSyscallStub

Get fresh syscall stubs from a fresh copy of ntdll.dll.

License: BSD-3-Clause | Stargazers: 0 | Issues: 0

PackMyPayload

A PoC that packages payloads into output containers to evade the Mark-of-the-Web flag and demonstrate the risks associated with container file formats. Supports ZIP, 7zip, PDF, ISO, IMG, CAB, VHD and VHDX.

Stargazers: 0 | Issues: 0

pharos

Automated static analysis tools for binary programs

License: NOASSERTION | Stargazers: 0 | Issues: 0

PoisonApple

macOS persistence tool

License: MIT | Stargazers: 0 | Issues: 0

process_overwriting

Yet another variant of Process Hollowing

Stargazers: 0 | Issues: 0

RefleXXion

RefleXXion is a utility designed to aid in bypassing user-mode hooks used by AV/EPP/EDR products. To do so, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

Stargazers: 0 | Issues: 0

SnD_AMSI

Start a new PowerShell without ETW and AMSI, in pure Nim.

Stargazers: 0 | Issues: 0

SpoolFool

Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)

License: MIT | Stargazers: 0 | Issues: 0

srum-dump

A forensics tool to convert the data in the Windows SRUM (System Resource Usage Monitor) database to an xlsx spreadsheet.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

Super-UEFIinSecureBoot-Disk

Super UEFIinSecureBoot Disk: Boot any OS or .efi file without disabling UEFI Secure Boot

Stargazers: 0 | Issues: 0

TokenStomp

C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic

Stargazers: 0 | Issues: 0

windows-itpro-docs

Used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.

License: CC-BY-4.0 | Stargazers: 0 | Issues: 0