Lefteris Panos's repositories
CARTP-cheatsheet
Azure AD cheatsheet for the CARTP course
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.
ARCInject
Overwrite a process's recovery callback and invoke a crash to execute
BreadBear
A rough PoC based on https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/
DInjector
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
DumpAADSyncCreds
C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts the Azure AD Connect credentials for on-premises AD and Azure AD from the AAD Connect database.
ForkPlayground
An implementation and proof-of-concept of Process Forking.
FunctionStomping
A new shellcode injection technique. Provided as a C++ header or as a standalone Rust program.
GoldenGMSA
GoldenGMSA tool for working with GMSA passwords
KrbRelay
Framework for Kerberos relaying
LogMePwn
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
MalSeclogon
A little tool to play with the Seclogon service
MinHook.NET
A C# port of the MinHook API hooking library
nanodump
Dumping LSASS has never been so stealthy
NtCreateUserProcess
Minimal PoC developed as discussed in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
RecycledGate
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll
ScheduleRunner
A C# tool offering more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
ShadowCoerce
MS-FSRVP coercion abuse PoC
shakeitoff
Windows LPE 0-day
SHAPESHIFTER
Companion PoC for the "Adventures in Dynamic Evasion" blog post
SharpASM
SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections allocated by the CLR.
SharpSecDump
.NET port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
SysGate
One gate to all syscalls!
SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
TitanLdr
Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.
windows_hardening
Windows Hardening settings and configurations
YouMayPasser
You shall pass