Lee Baird's starred repositories

drawio-desktop

Official electron build of draw.io

Language: JavaScript | License: Apache-2.0 | Stargazers: 47551 | Issues: 523 | Issues: 1402

donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Language: C | License: BSD-3-Clause | Stargazers: 3325 | Issues: 82 | Issues: 102

NetExec

The Network Execution Tool

Language: Python | License: BSD-2-Clause | Stargazers: 2473 | Issues: 22 | Issues: 109

pwndrop

Self-deployable file hosting service for red teamers, allowing them to easily upload and share payloads over HTTP and WebDAV.

Language: JavaScript | License: GPL-3.0 | Stargazers: 1915 | Issues: 44 | Issues: 44

HiddenDesktop

HVNC for Cobalt Strike

Red-Teaming-TTPs

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

TeamsPhisher

Send phishing messages and attachments to Microsoft Teams users

MANSPIDER

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Language: Python | License: GPL-3.0 | Stargazers: 947 | Issues: 21 | Issues: 29

weirdAAL

WeirdAAL (AWS Attack Library)

PurpleSharp

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

Language: C# | License: BSD-3-Clause | Stargazers: 751 | Issues: 31 | Issues: 6

Freeze.rs

Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes and direct syscalls, written in Rust

Language: Rust | License: MIT | Stargazers: 704 | Issues: 18 | Issues: 7

ADCSKiller

An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer

Language: Python | License: MIT | Stargazers: 685 | Issues: 6 | Issues: 8

Killer

Killer tool is designed to bypass AV/EDR security tools using various evasive techniques.

proxycannon-ng

A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference

DarkWidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

Language: C | License: MIT | Stargazers: 483 | Issues: 10 | Issues: 1

windows-coerced-authentication-methods

A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

RedTeam-Physical-Tools

Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.

License: MIT | Stargazers: 444 | Issues: 10 | Issues: 0

UAC-BOF-Bonanza

Collection of UAC Bypass Techniques Weaponized as BOFs

Language: C | License: GPL-3.0 | Stargazers: 355 | Issues: 8 | Issues: 1

PrivKit

PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.

Language: C | License: GPL-3.0 | Stargazers: 336 | Issues: 5 | Issues: 0

hades

Go shellcode loader that combines multiple evasion techniques

Language: Go | License: GPL-3.0 | Stargazers: 329 | Issues: 7 | Issues: 1

LightsOut

Generate an obfuscated DLL that will disable AMSI & ETW

Language: Python | License: GPL-3.0 | Stargazers: 308 | Issues: 6 | Issues: 1

Caro-Kann

Encrypted shellcode Injection to avoid Kernel triggered memory scans

Proxy-DLL-Loads

A proof of concept demonstrating DLL-load proxying using undocumented syscalls.

Language: C | License: MIT | Stargazers: 300 | Issues: 7 | Issues: 4

PowershellKerberos

Some scripts to abuse Kerberos using PowerShell

lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Language: Python | License: MIT | Stargazers: 284 | Issues: 6 | Issues: 1

GregsBestFriend

GregsBestFriend process injection code created from the White Knight Labs Offensive Development course

Language: C++ | License: MIT | Stargazers: 154 | Issues: 3 | Issues: 0

Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

evilginx2-TTPs

Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and notes on usage.

Language: Go | License: GPL-3.0 | Stargazers: 61 | Issues: 4 | Issues: 0

donut-demos

Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.

Athena

Dehashed API CLI

Language: Python | Stargazers: 17 | Issues: 0 | Issues: 0