Will Summerhill's starred repositories
PortBender
TCP Port Redirection Utility
TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Evilginx2-Phishlets
Evilginx3 Phishlets version (0.2.3 & above). Only for testing/learning purposes.
flare-floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
ThreadlessInject-BOF
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
Shhhloader
Syscall Shellcode Loader (Work in Progress)
Cobalt-Strike-Profiles-for-EDR-Evasion
Cobalt Strike Profiles for EDR Evasion
COM-Hunter
COM Hijacking VOODOO
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
CsWhispers
Source generator to add D/Invoke and indirect syscall methods to a C# project.
CursedChrome
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
MutationGate
Use a hardware breakpoint to dynamically change the SSN at run time
Evasive-Loader
Evasive loader to bypass static detection