Jonathan Reiter's repositories
adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
alpaca
Serialization library written in C++17 - Pack C++ structs into a compact byte-array without any macros or boilerplate code
Havoc
The Havoc Framework.
Banshee-Rootkit
Experimental Windows x64 Kernel Rootkit.
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
cookie-monster
BOF to steal browser cookies & credentials
CreateService_Win
File backup
DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
Jigsaw
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
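The mechanism in the description above, as an added example (this is not Jigsaw's own code): a build-time step scatters the payload bytes according to a random permutation and keeps the index map, and a runtime step walks that map to put the bytes back. The payload here is a constructed ASCII string, not shellcode, and nothing is allocated as executable or run; the fixed seed and the use of std::mt19937 are assumptions made only so the output is reproducible.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <numeric>
#include <random>
#include <string>
#include <vector>

// Scrambled form of a payload: the bytes in permuted order plus the index
// map needed to put them back. Both live in the binary, so this defeats
// only static byte signatures, not a scanner that runs after reconstruction.
struct Jigsaw {
    std::vector<uint8_t> shuffled;  // payload bytes in random order
    std::vector<size_t>  order;     // order[i] = slot in `shuffled` holding original byte i
};

// Build-time step: pick a random permutation and scatter the bytes.
// `seed` is a fixed parameter here only so the example is reproducible;
// a real build step would draw it from a CSPRNG (assumption, not Jigsaw's code).
Jigsaw scramble(const std::vector<uint8_t>& payload, uint32_t seed) {
    Jigsaw j;
    j.order.resize(payload.size());
    std::iota(j.order.begin(), j.order.end(), static_cast<size_t>(0));
    std::mt19937 rng(seed);
    std::shuffle(j.order.begin(), j.order.end(), rng);
    j.shuffled.resize(payload.size());
    for (size_t i = 0; i < payload.size(); ++i)
        j.shuffled[j.order[i]] = payload[i];
    return j;
}

// Runtime step: walk the index map and rebuild the original byte sequence.
std::vector<uint8_t> reconstruct(const Jigsaw& j) {
    std::vector<uint8_t> out(j.shuffled.size());
    for (size_t i = 0; i < j.order.size(); ++i)
        out[i] = j.shuffled[j.order[i]];
    return out;
}

// True when `order` is a valid permutation of 0..n-1 (every byte accounted for once).
bool is_index_permutation(const std::vector<size_t>& order) {
    std::vector<size_t> sorted = order;
    std::sort(sorted.begin(), sorted.end());
    for (size_t i = 0; i < sorted.size(); ++i)
        if (sorted[i] != i) return false;
    return true;
}

// Constructed stand-in for a payload: plain ASCII, not shellcode.
std::vector<uint8_t> sample_payload() {
    const std::string s = "constructed sample payload, not shellcode";
    return std::vector<uint8_t>(s.begin(), s.end());
}

int main() {
    const std::vector<uint8_t> payload = sample_payload();
    const Jigsaw j = scramble(payload, 0xC0FFEEu);
    const std::vector<uint8_t> rebuilt = reconstruct(j);
    std::printf("shuffled: ");
    for (uint8_t b : j.shuffled) std::printf("%02x", b);
    std::printf("\nrebuilt : %s\n", std::string(rebuilt.begin(), rebuilt.end()).c_str());
    return rebuilt == payload ? 0 : 1;
}
```

Because the shuffled bytes and the index map are both stored, this only breaks byte-pattern signatures over the stored form; once reconstruct() has run, the original sequence is back in memory and is visible to any scanner that looks at that buffer afterwards.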
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
MemoryModule
Library to load a DLL from memory.
mmLoader
A library for loading a DLL module from memory, bypassing the Windows PE loader (x86/x64)
no-defender
A slightly more fun way to disable Windows Defender (through the WSC API).
NTFSObjectIDParser
Digital Forensic tool parsing the $ObjID index file and correlating it with the $MFT
ntfstool
Forensics tool for NTFS (parser, MFT, BitLocker, deleted files)
PE-LiteScan
A simple cross-platform heuristic PE analyzer
PrivFu-getsysem
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Reflective_PE_Loader
Program to load a PE into the memory of another process.
RexLdr
Rex Shellcode Loader for AV/EDR evasion
sliver-copy
Adversary Emulation Framework
String-Obfuscator
Guaranteed compile-time string literal obfuscation header-only library for C++14
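What "guaranteed compile-time" means for a header-only C++14 obfuscator, shown as an added example that is not the String-Obfuscator library's own code: the literal is XOR-masked inside a constexpr constructor, and binding the result to a constexpr variable forces the compiler to evaluate it during compilation, so only masked bytes are emitted into the binary. The key schedule, the OBF macro, and the sample strings are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Literal masked in a constexpr constructor: when the object is declared
// constexpr, the compiler must do the XOR at compile time, so only the
// masked bytes reach the binary. The per-byte mask is forced odd so that it
// is never 0 and no plaintext byte survives unchanged.
template <std::size_t N>
class ObfString {
public:
    constexpr ObfString(const char (&lit)[N], uint8_t key) : key_(key), data_() {
        for (std::size_t i = 0; i < N - 1; ++i)
            data_[i] = static_cast<char>(lit[i] ^ mask(key, i));
    }
    // Runtime reversal: the plaintext exists only in the returned std::string.
    std::string decrypt() const {
        std::string out;
        out.reserve(N - 1);
        for (std::size_t i = 0; i < N - 1; ++i)
            out.push_back(static_cast<char>(data_[i] ^ mask(key_, i)));
        return out;
    }
    constexpr char raw(std::size_t i) const { return data_[i]; }   // stored (masked) byte
    static constexpr std::size_t length() { return N - 1; }
private:
    static constexpr uint8_t mask(uint8_t key, std::size_t i) {
        return static_cast<uint8_t>((key + i) | 1u);  // odd, hence never zero
    }
    uint8_t key_;
    char data_[N];
};

template <std::size_t N>
constexpr ObfString<N> make_obf(const char (&lit)[N], uint8_t key) {
    return ObfString<N>(lit, key);
}

// Forces compile-time evaluation by binding the object to a constexpr local
// before decrypting; __COUNTER__ gives each use site a different key.
// (Assumed convenience macro, not the library's interface.)
#define OBF(lit) ([] { constexpr auto s_ = make_obf(lit, static_cast<uint8_t>(__COUNTER__ * 37 + 11)); return s_.decrypt(); }())

// Demonstration instance: an arbitrary API name chosen for illustration.
constexpr auto kHidden = make_obf("WinHttpOpen", 0x5A);

std::string demo_decrypt() { return kHidden.decrypt(); }

// True when no stored byte equals its plaintext counterpart.
bool demo_stored_hidden() {
    const char plain[] = "WinHttpOpen";
    for (std::size_t i = 0; i < kHidden.length(); ++i)
        if (kHidden.raw(i) == plain[i]) return false;
    return true;
}

std::string demo_macro() { return OBF("kernel32.dll"); }
```

The constexpr binding is the guarantee: without it a compiler is free to construct the object at runtime and keep the plaintext literal in .rodata. This hides strings from static extraction only; after decrypt() the plaintext is in process memory like any other std::string.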
Voidgate-scode-encryptor
A technique for bypassing AV/EDR memory scanners. It can hide well-known, signatured shellcode (such as msfvenom output) by decrypting individual encrypted assembly instructions on the fly, so that the plaintext payload is never fully present in that memory page and memory scanners are rendered useless for it.
websocketpp
C++ websocket client/server library