ongyuann's repositories
HackSysExtremeVulnerableDriver
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
SigmaPotato
SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
CVE-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
tpm-spoofer
Simple proof of concept kernel mode driver hooking tpm.sys dispatch to randomize any public key reads
pryingdeep
Prying Deep - An OSINT tool to collect intelligence on the dark web.
HiddenDesktop
HVNC for Cobalt Strike
PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
esd2iso
Command line utility to create Windows 11 ARM ISOs from Microsoft ESD
revsocks
Reverse SOCKS5 implementation in Go
CoercedPotatoRDLL
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
CrossC2
generate CobaltStrike's cross-platform payload
OffensiveLua
Offensive Lua.
portspoof
Portspoof
krbrelayx
Kerberos unconstrained delegation abuse toolkit
Modlishka
Modlishka. Reverse Proxy.
teams_dump
PoC for dumping and decrypting cookies in the latest version of Microsoft Teams
Darkside
C# AV/EDR Killer using less-known driver (BYOVD)
SMBLibrary
Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
PyHmmm
Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample
CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE-2023-46604)
Mockingjay_BOF
Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
beef
The Browser Exploitation Framework Project
chisel
A fast TCP/UDP tunnel over HTTP