ongyuann's repositories
PPLDescribe
Tool for obtaining information about PPL processes
conditional-love
An AWS metadata enumeration tool by Plerion
gMSADumper
Lists who can read any gMSA password blobs and parses them if the current user has access.
Rubeus
Trying to tame the three-headed dog.
how2heap
A repository for learning various heap exploitation techniques.
bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
ssh3
SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396
GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
caOptics
CA Optics - Azure AD Conditional Access Gap Analyzer
firedrill
firedrill is a malware simulation harness for evaluating your security controls
ROADtools
A collection of Azure AD tools for offensive and defensive security purposes
Havoc
The Havoc Framework.
LOLSpoof
An interactive shell to spoof some LOLBins command line
Havoc-Agent-Handler
This is a third party agent for Havoc C2 written in golang.
learning-malware-analysis
This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
Steamless
Steamless is a DRM remover of the SteamStub variants. The goal of Steamless is to make a single solution for unpacking all Steam DRM-packed files. Steamless aims to support as many games as possible.
havoc-bloodhound
A GUI wrapper inside of Havoc to interact with bloodhound CE
nanodump
The swiss army knife of LSASS dumping
Windows-Local-Privilege-Escalation-Cookbook
Windows Local Privilege Escalation Cookbook
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
AD-AssessmentKit
Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam.
Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
InsightEngineering
Hardcore Debugging
EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
ASM-Utils
ASM scripts useful for basic operations from the user side.
SignToolEx
Patching "signtool.exe" to accept expired certificates for code-signing.
Specter
Used to detect rogueAP and evil twin attacks and all those nastly evil wireless attacks
EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
SharpDPAPI
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.