Topotam's repositories
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
EnumStrike
Cobalt Strike Aggressor script to automate host and domain enumeration.
AmsiScanBuffer
Digging deeper into AmsiScanBuffer internals, and identifying 7 possible AMSI patches by forcing a conditional jump to a branch that sets the return value of AmsiScanBuffer to E_INVALIDARG and makes AmsiScanBuffer fail
AtomLdr
A DLL loader with advanced evasive features
AtomPePacker
A highly capable PE packer
BloodHound.py-Kerberos
A Python based ingestor for BloodHound
c_syscalls
Single stub direct and indirect syscalling with runtime SSN resolving for Windows.
certsync
Dump NTDS with golden certificates and UnPAC the hash
CMLoot
Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
CVE-2022-33679
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
CVE-2022-3699
Lenovo Diagnostics Driver EoP - Arbitrary R/W
DCMB
Don't Call Me Back - Dynamic kernel callback resolver.
FlavorTown
Various ways to execute shellcode
Freeze
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
GetFGPP
Get Fine Grained Password Policy
Havoc
The Havoc Framework
Inline-Execute-PE
Execute unmanaged Windows executables in CobaltStrike Beacons
KeeFarceReborn
A standalone DLL that exports databases in cleartext once injected in the KeePass process.
MCP-PoC
Minifilter Callback Patching Proof-of-Concept
ObfLoader
MAC, IPv4 and UUID shellcode loaders and obfuscators that obfuscate the shellcode, then use native APIs to convert it back to its binary format and load it.
rust_syscalls
Single stub direct and indirect syscalling with runtime SSN resolving for Windows.
SharpNTLMRawUnHide
C# version of NTLMRawUnHide
TerraLdr
A Payload Loader Designed With Advanced Evasion Features
WinShellcode
Make your own windows shellcode