maxbeckmann's starred repositories
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
SysWhispers
AV/EDR evasion via direct system calls.
VBA-MemoryTools
Native memory manipulation in VBA
WFPExplorer
Windows Filtering Platform Explorer
WinObjEx64
Windows Object Explorer 64-bit
DefaultCreds-cheat-sheet
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
bootlicker
A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
BlackLotus
BlackLotus UEFI Windows Bootkit
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x
ROP_ROCKET
ROP ROCKET is an advanced code-reuse attack framework with extensive ROP chain generation capabilities, including for a novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP. The framework utilizes emulation and obfuscation to help expand the attack surface.