Hubbl3 / ThreatCheck
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
☆11Updated 5 months ago
Related projects ⓘ
Alternatives and complementary repositories for ThreatCheck
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆33Updated 5 months ago
- in-process powershell runner for BRC4☆37Updated last year
- A repo of scripts I find helpful for daily tasks.☆26Updated 6 months ago
- Create PDFs with HTML smuggling attachments that save on opening the document.☆27Updated last year
- Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions☆13Updated last year
- A BOF tool that can be used to collect passwords using CredUIPromptForWindowsCredentialsName.☆11Updated 2 years ago
- Bypassing Amsi using LdrLoadDll☆20Updated 2 weeks ago
- ☆46Updated last year
- ☆15Updated last year
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆51Updated 5 months ago
- Brief writeup of post exploitation methodologies.☆17Updated last year
- Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Serv…☆25Updated last year
- A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc☆12Updated 4 years ago
- Enumerate the Domain for Readable and Writable Shares☆15Updated 5 months ago
- Python3 rewrite of AsOutsider features of AADInternals☆36Updated last month
- ☆25Updated last year
- Reflective shellcode runners using obfuscated Win32 APIs in C# and C++ (GetProcAddress & GetModuleHandle). For penetration testing.☆10Updated 6 months ago
- Scripts to interact with Microsoft Graph APIs☆31Updated this week
- Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.☆33Updated last month
- A care package of useful bofs for red team engagments☆48Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 3 months ago
- Extract registry and NTDS secrets from local or remote disk images☆28Updated 2 months ago
- .NET port of Leron Gray's azbelt tool.☆26Updated last year
- PoC MSI payload based on ASEC/AhnLab's blog post☆22Updated 2 years ago
- Items related to the RedELK workshop given at security conferences☆27Updated last year
- PDump is a project for dumping leaked credentials from DEHASHED☆15Updated 9 months ago
- ☆68Updated last year
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆26Updated last week
- ☆35Updated 2 weeks ago