Mohamed El Azaar's starred repositories
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Awesome-CobaltStrike-Defence
Defences against Cobalt Strike
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
SharpBlock
A method of bypassing EDR's active projection DLL's by preventing entry point exection
AMSITrigger
The Hunt for Malicious Strings
SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
MicrosoftWontFixList
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
rewolf-wow64ext
Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
Antivirus-Artifacts
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
inline_syscall
Inline syscalls made easy for windows on clang
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
sysmon-cheatsheet
All sysmon event types and their fields explained
recon-pipeline
An automated target reconnaissance pipeline.
physmem2profit
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
LiquidSnake
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
ReflectiveDLLRefresher
Universal Unhooking
MalSeclogon
A little tool to play with the Seclogon service
FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
CVE-2019-16098
Local privilege escalation PoC exploit for CVE-2019-16098
ParallelSyscalls
C# version of MDSec's ParallelSyscalls
vscode-language-aggressor
Cobalt Strike Aggressor extension for Visual Studio Code