matthw / malware_analysis
☆18Updated 5 months ago
Related projects: ⓘ
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 4 months ago
- Perform Windows domain enumeration via LDAP☆36Updated 2 years ago
- Slides for the talk we presented as UniPi at DefCon's Red Team Village☆23Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆61Updated 2 years ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆16Updated last year
- Python3 rewrite of AsOutsider features of AADInternals☆25Updated last week
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆50Updated 3 years ago
- ☆45Updated last year
- ☆29Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- Multi-threaded C2 framework built in Flask with keylogger - from the Offensive C# Course by Naga Sai Nikhil☆20Updated 2 years ago
- OSED Practice binary☆24Updated 9 months ago
- Searching .evtx logs for remote connections☆23Updated last year
- Extension functionality for the NightHawk operator client☆26Updated 10 months ago
- Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Su…☆36Updated 10 months ago
- Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.☆29Updated 3 months ago
- ☆41Updated 2 years ago
- in-process powershell runner for BRC4☆35Updated 10 months ago
- ☆17Updated this week
- A cloud automation system for Red Teams based on Terraform and Ansible☆24Updated 3 years ago
- ☆13Updated 11 months ago
- This repository contains several AMSI bypasses. These bypasses are based on some very nice research that has been put out by some awesome…☆23Updated 2 years ago
- ☆14Updated 6 months ago
- ☆42Updated 2 months ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p…☆49Updated 2 years ago
- PoC MSI payload based on ASEC/AhnLab's blog post☆22Updated 2 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆33Updated last year
- A simple to use single-include Windows API resolver☆17Updated 2 months ago
- .NET port of Leron Gray's azbelt tool.☆26Updated 11 months ago
- Scripts to interact with Microsoft Graph APIs☆29Updated 2 months ago