malcomvetter

Periscope

Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)

CSExec

An implementation of PSExec in C#

ManagedInjection

A proof of concept for dynamically loading .net assemblies at runtime with only a minimal convention pre-knowledge

NamedPipes

A pattern for client/server communication via Named Pipes via C#

UnstoppableService

A pattern for a self-installing Windows service in C# with the unstoppable attributes in C#.

fake-ransomware

A non-destructive, but ANNOYING ransomware lookalike for use with red team exercises.

WMIProcessWatcher

An example pattern in C# for using WMI to monitor process creation and termination events.

DnsCache

AntiDebug

PoC: Prevent a debugger from attaching to managed .NET processes via a watcher process code pattern.

WidgetSender

Intentionally Vulnerable Demo App: .NET MVC, WCF, WebAPI, Web Forms

ChromePasswords

WhoDis

An example pattern in C# for watching security events (logon/logoff/privilege)

BlueScreenOnExit

PoC of a protected process causing a blue screen if killed.

CertCheck

Programmatically access a TLS certificate chain in C++ and C#

RunAs

An example in C# for programmatically calling UAC to escalate to admin

DieHard

PoC: process watcher patterns to make killing a process hard.

TLAD

The Totally Legit Authentication Dialog

ProtectProcessFromJoeUser

PoC: Protecting Joe User from killing his own process.

Trojan-RetailDiagnostics

SpoofParentProcess

CAPE

Malware Configuration And Payload Extraction

netstat

taskkill

WindowsSessions

dns

A DNS library written in C#

HappySad

Sometimes you just need a Happy EXE and a Sad EXE

screenshot

SunburstStrings

NetAPI

Example for how to call the NetAPI for local user/group management in Windows via C++

XOREncryption

XOR encryption implementations for several languages.