InvokeThreatGuy's repositories
Abused-Legitimate-Services
Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Ares
Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
cuckoo3
Cuckoo 3 is a Python 3 open source automated malware analysis system.
dll-exports
Collection of DLL function export forwards for DLL export function proxying
EtwTi-Syscall-Hook
A simple program that hooks the current process to identify manual syscall executions on Windows
Hunt-Sleeping-Beacons
Aims to identify sleeping beacons
HyperDbg
The HyperDbg project is a hypervisor-based, kernel-mode, and user-mode debugger that aims to bring innovative ideas to the debuggers world!
Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by utilizing programmatic access in the VBA object environment to load, decrypt and execute shellcode.
kernels-data
Windows kernel PDB data parsed into YAML
Kryptor
A simple, modern, and secure encryption and signing tool that aims to be a better version of age and Minisign.
LdapRelayScan
Check for LDAP protections regarding the relay of NTLM authentication
Log4jUnifi
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more.
MalMemDetect
Detect strange memory regions and DLLs
masm_shc
A helper utility for creating shellcode. Cleans the MASM file generated by MSVC and gives refactoring hints.
ParallelSyscalls
C# version of MDSec's ParallelSyscalls
Proof-of-Concept-Collection
Collection of open source Malware Techniques distributed online
Pwn
Advanced exploits that I wrote for Pwn2Own competitions and other occasions
pwncat
Fancy reverse and bind shell handler
rogue-jndi
A malicious LDAP server for JNDI injection attacks
SecurityCamp
Security Camp 2021
ShadowCoerce
MS-FSRVP coercion abuse PoC
SharpGhosting
Process Ghosting in C#
Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
SysmonSimulator
Sysmon event simulation utility that can be used to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules by blue teams.
VeraCryptThief
Extracting clear-text passwords from VeraCrypt.exe using API hooking
vortex
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit