Conor Richard's repositories
manual-syscall-detect
A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
SysWhispers2
AV/EDR evasion via direct system calls.
atomiccaldera
A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.
Useful-BloodHound-Queries
A collection of Neo4j/BloodHound queries to collect interesting information.
SessionHound
A pair of scripts to import session and local group information that has been collected from alternate data sources into BloodHound's Neo4j database.
compressedCredBandit
A variation of CredBandit that uses compression to reduce the size of the data that must be transmitted.
SharpMailBOF
A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.
shellcode-learning
Working repository to store shellcode I am using to learn.
Python-Exploit-Snippets
A collection of Python code snippets to aid in the authoring of Python Based PoCs.
xenoscr.github.io
Conor Richard's (@xenoscr) GitHub.io Blog content
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Creality-Ender-3-Max-Marlin-Configuration
Marlin configuration files for the Creality Ender 3 Max with a BL-Touch.
DetectionLab-XenosCR
Automate the creation of a lab environment complete with security tooling and logging best practices
experiments
Experiments
lab-scripts
Some scripts I use to help speed up lab machine setups.
loadlibrary
Porting Windows Dynamic Link Libraries to Linux
LOLBAS-old
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Proxy-Function-Calls-For-ETwTI
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
qmk_firmware
Open-source keyboard firmware for Atmel AVR and Arm USB families
SharpUnhooker
C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)
shellcode-odzhan
Shellcodes for Windows/Linux/BSD running on x86, AMD64, ARM, ARM64
threaded-bucket-finder
A python script to find S3 Buckets for penetration testing or other engagements.
YubiKey-Guide
Guide to using YubiKey for GPG and SSH