Mohamed El Azaar (med0x2e)

med0x2e

Company:Yo.

Location:127.0.0.1

Twitter:@med0x2e

Mohamed El Azaar's starred repositories

ImHex

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Language: C++ | License: GPL-2.0 | Stargazers: 41607 | Issues: 475 | Issues: 1112

mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Language: Python | License: NOASSERTION | Stargazers: 10065 | Issues: 248 | Issues: 285

holehe

holehe allows you to check if an email address is used on different sites like Twitter and Instagram, and will retrieve information from sites with a forgotten-password function.

Language: Python | License: GPL-3.0 | Stargazers: 7051 | Issues: 108 | Issues: 100

Havoc

The Havoc Framework.

Language: Go | License: GPL-3.0 | Stargazers: 6365 | Issues: 98 | Issues: 319

BadBlood

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding of, and prescribe approaches to, securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

Language: PowerShell | License: GPL-3.0 | Stargazers: 1961 | Issues: 49 | Issues: 7

PetitPotam

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Awesome-CobaltStrike-Defence

Defences against Cobalt Strike

CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files

Language: C | License: GPL-2.0 | Stargazers: 1190 | Issues: 37 | Issues: 34

SharpBlock

A method of bypassing EDR's active protection DLLs by preventing entry point execution

AMSITrigger

The Hunt for Malicious Strings

Language: C# | License: GPL-3.0 | Stargazers: 1016 | Issues: 13 | Issues: 8

SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

MicrosoftWontFixList

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

rewolf-wow64ext

Helper library for x86 programs that run under the WOW64 layer on x64 versions of Microsoft Windows operating systems.

ADExplorerSnapshot.py

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

ADCSPwn

A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.

Antivirus-Artifacts

Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.

inline_syscall

Inline syscalls made easy for windows on clang

Language: C++ | License: Apache-2.0 | Stargazers: 649 | Issues: 19 | Issues: 6

InlineExecute-Assembly

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork-and-run execute-assembly module.

sysmon-cheatsheet

All sysmon event types and their fields explained

recon-pipeline

An automated target reconnaissance pipeline.

Language: Python | License: MIT | Stargazers: 420 | Issues: 11 | Issues: 63

physmem2profit

Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely.

Language: C# | License: Apache-2.0 | Stargazers: 388 | Issues: 15 | Issues: 12

memhunter

Live hunting of code injection techniques

Language: C++ | License: MIT | Stargazers: 367 | Issues: 34 | Issues: 0

LiquidSnake

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

ReflectiveDLLRefresher

Universal Unhooking

Language: C | License: NOASSERTION | Stargazers: 314 | Issues: 14 | Issues: 4

MalSeclogon

A little tool to play with the Seclogon service

Language: C | License: GPL-3.0 | Stargazers: 300 | Issues: 6 | Issues: 1

FindObjects-BOF

A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

Language: C | Stargazers: 266 | Issues: 17 | Issues: 0

CVE-2019-16098

Local privilege escalation PoC exploit for CVE-2019-16098

ParallelSyscalls

C# version of MDSec's ParallelSyscalls

Language: C# | Stargazers: 139 | Issues: 5 | Issues: 0

vscode-language-aggressor

Cobalt Strike Aggressor extension for Visual Studio Code

License: BSD-3-Clause | Stargazers: 123 | Issues: 5 | Issues: 1

Pluto

A manual system call library that supports functions from both ntdll.dll and win32u.dll

Language: C# | License: MIT | Stargazers: 109 | Issues: 6 | Issues: 1