wsummerhill

Will Summerhill's starred repositories

BloodHoundCustomQueries

My BloodHound custom queries

Language:Makefile2300

dploot

DPAPI looting remotely in Python

Language:PythonMIT38200

pyldapsearch

Tool for issuing manual LDAP queries which offers bofhound compatible output

Language:PythonBSD-4-Clause4700

Shellcode-Hide

This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)

Language:C++MIT38400

D1rkLdr

Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscall instruction address resolving at run time

Language:C++MIT29400

SharpWhispers

C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.

Language:C#10000

Inline-Execute-PE

Execute unmanaged Windows executables in CobaltStrike Beacons

Language:CApache-2.061300

CrossLinked

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

Language:PythonGPL-3.0120500

SQLRecon

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

Language:C#BSD-3-Clause60600

Snaffler

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Language:C#GPL-3.0192100

PassTheChallenge

Recovering NTLM hashes from Credential Guard

Language:CMIT31800

sliver

Adversary Emulation Framework

Language:GoGPL-3.0798100

BOFs

Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.

Language:C16300

CheckPlease

Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.

Language:GoGPL-3.089500

z85

ZeroMQ Base-85 Encoding library C/C++

Language:C++BSD-2-Clause5500

FlavorTown

Various ways to execute shellcode

Language:C#BSD-3-Clause47000

garble

Obfuscate Go builds

Language:GoBSD-3-Clause372200

Shellcode-Injection-Techniques

A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV.

Language:C#44700

RemotePatcher

Patch AMSI and ETW in remote process via direct syscall

Language:C7500

SourcePoint

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Language:Go100700

SigFlip

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Language:C#MIT100800

frostbyte

FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads

Language:C#36900

PackMyPayload

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

Language:PythonMIT82100

SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Language:PythonApache-2.0121100

SQLRecon

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

Language:C#BSD-3-Clause37900

VX-API

Collection of various malicious functionality to aid in malware development

Language:C++MIT136900

Awesome_Malware_Techniques

This is a repository of resource about Malware techniques

62300

wsummerhill

Will Summerhill's starred repositories

BloodHoundCustomQueries

dploot

pyldapsearch

siofra

Shellcode-Hide

D1rkLdr

SharpWhispers

Inline-Execute-PE

CrossLinked

EDRSandblast

SQLRecon

Alcatraz

Snaffler

PassTheChallenge

sliver

BOFs

CheckPlease

z85

FlavorTown

garble

Shellcode-Injection-Techniques

RemotePatcher

SourcePoint

SigFlip

frostbyte

PackMyPayload

SysWhispers3

SQLRecon

VX-API

Awesome_Malware_Techniques