Jonathan Reiter's repositories
adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
Artillery
UAC Bypass COM object to write to System32
Havoc
The Havoc Framework.
Banshee-Rootkit
Experimental Windows x64 Kernel Rootkit.
cookie-monster
BOF to steal browser cookies & credentials
CreateService_Win
File backup
DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Jigsaw
Hide shellcode by shuffling its bytes into a random array and reconstructing it at runtime
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
MemoryModule
Library to load a DLL from memory.
mmLoader
A library for loading a DLL module from memory, bypassing the Windows PE loader (x86/x64)
no-defender
A slightly more fun way to disable Windows Defender (through the WSC API).
NTFSObjectIDParser
Digital Forensic tool parsing the $ObjID index file and correlating it with the $MFT
ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
PrivFu-getsysem
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Reflective_PE_Loader
Program to load a PE inside memory on another process.
RexLdr
Rex Shellcode Loader for AV/EDR evasion
sliver-copy
Adversary Emulation Framework
Stinger
UAC bypass
String-Obfuscator
Guaranteed compile-time string literal obfuscation header-only library for C++14
SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
websocketpp
C++ websocket client/server library
WMIProcMon
WMI procmon