tothi's starred repositories
PlayIntegrityFix
Fix Play Integrity (and SafetyNet) verdicts.
ATC_MiThermometer
Custom firmware for the Xiaomi Thermometers and Telink Flasher
PlayIntegrityFork
Fix Play Integrity (and SafetyNet) verdicts, allowing custom fields and props
ChromeKatz
Dump cookies and credentials directly from Chrome/Edge process memory
steganography
Simple C++ Image Steganography tool to encrypt and hide files inside images using Least-Significant-Bit encoding.
CVE-2024-38063
PoC for CVE-2024-38063 (RCE in tcpip.sys)
TokenTactics
Azure JWT Token Manipulation Toolset
DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings).
EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
C2_RedTeam_CheatSheets
Useful C2 techniques and cheatsheets learned from engagements
BackupOperatorToDA
From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
PowershellKerberos
Some scripts to abuse Kerberos using PowerShell
cookie-monster
BOF to steal browser cookies & credentials
KeyTabExtract
Extracts Key Values from .keytab files
TokenTacticsV2
A fork of the great TokenTactics with support for CAE and token endpoint v2
ariston-remotethermo-home-assistant-v3
Ariston NET remotethermo integration for Home Assistant based on API
vscode-compare-folders
The source code of the extension CompareFolders
deviceCode2WinHello
A small script that automates Entra ID persistence with Windows Hello For Business key
officedump
Dump document encryption password from Office process memory
chunk-nordic
Yet another TCP-over-HTTP(S) tunnel