Lefteris Panos's repositories
3aj-lib
Proof of concept communications from C# via a web browser process
acCOMplice
Tools for discovery and abuse of COM hijacks
citrix-printer-exfil
POC to Exfiltrate Data from Citrix using Client Printer Redirection
COMInterop
Example on how to consume a COM server from a .NET client and a .NET server from a COM client. Examples are for both using the Registry and for RegFree.
CSharpSetThreadContext
C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread
DanSpecial
Weaponizing Gigabyte driver for priv escalation and bypass PPL
DLLFromMemory-net
C# library to load a native DLL from memory without the need to allow unsafe code
dnSpy
.NET debugger and assembly editor
instrumentation-callbacks
based on https://github.com/secrary/Hooking-via-InstrumentationCallback
Lepus
Subdomain finder
Malproxy
Proxy system calls over an RPC channel
NET-Assembly-Inject-Remote
.NET assembly local/remote loading/injection into memory.
physmem_drivers
A collection of various vulnerable (mostly physical memory exposing) drivers.
Random-CSharpTools
Collection of CSharp Assemblies focused on Post-Exploitation Capabilities
ReflectiveDLLRefresher
Universal Unhooking
RunDllMShim
Run Managed Assemblies with RunDll
SharpDoor
SharpDoor is an alternative to RDPWrap written in C# that allows multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file.
SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
SharpSpray
SharpSpray is a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
ShellcodeStdio
An extensible framework for easily writing compiler-optimized, position-independent x86 / x64 shellcode for Windows platforms.
silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
slurp
The original slurp source
spoofing-office-macro
PoC of a VBA macro spawning a process with a spoofed parent and command line.
SpoolSample
PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
SvcHostDemo
Demo service that runs in svchost.exe
thotcon0xa
Content from THOTCON 0xa talk
TRunPE
A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
urban-dictionary-word-list
Script and sample dataset of all urban dictionary entry names (around 1.4 million total)
vulcan
a tool to make it easy and fast to test various forms of injection