Merge branch 'master' of github.com:pe3zx/my-infosec-awesome

2024-10-01 07:45:36 -04:00 · 2021-12-01 00:55:45 +07:00 · 2021-12-01 00:55:45 +07:00 · b911d49b01
commit b911d49b01
parent a1cf85b8b3 4cfd1da462
2 changed files with 40 additions and 0 deletions
--- a/Offensive.md
+++ b/Offensive.md
@ -478,6 +478,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/mai1zhi2/SharpBeacon">mai1zhi2/SharpBeacon</a></td>
        <td>CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/MarkoH17/Spray365">MarkoH17/Spray365</a></td>
+        <td>Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/maxlandon/wiregost">maxlandon/wiregost</a></td>
        <td>Golang Implant & Post-Exploitation Framework</td>
@ -699,6 +703,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/xpn/NautilusProject">xpn/NautilusProject</a></td>
        <td>A collection of weird ways to execute unmanaged code in .NET</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/V1V1/OffensiveAutoIt">V1V1/OffensiveAutoIt</a></td>
+        <td>Offensive tooling notes and experiments in AutoIt v3</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/yqcs/ZheTian">yqcs/ZheTian</a></td>
        <td>ZheTian Powerful remote load and execute ShellCode tool</td>
@ -882,6 +890,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/sailay1996/delete2SYSTEM">sailay1996/delete2SYSTEM</a></td>
        <td>Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/S3cur3Th1sSh1t/MultiPotato">S3cur3Th1sSh1t/MultiPotato</a></td>
+        <td>MultiPotato</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/S3cur3Th1sSh1t/SharpImpersonation">S3cur3Th1sSh1t/SharpImpersonation</a></td>
        <td>A User Impersonation tool - via Token or Shellcode injection</td>
@ -1472,6 +1484,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/outflanknl/TamperETW">outflanknl/TamperETW</a></td>
        <td>PoC to demonstrate how CLR ETW events can be tampered.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/oXis/GPUSleep">oXis/GPUSleep</a></td>
+        <td>Move CS beacon to GPU memory when sleeping</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/passthehashbrowns/DInvokeProcessHollowing">passthehashbrowns/DInvokeProcessHollowing</a></td>
        <td>This repository is an implementation of process hollowing shellcode injection using DInvoke from SharpSploit. DInvoke allows operators to use unmanaged code while avoiding suspicious imports or API hooking.</td>
@ -1706,6 +1722,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/codewhitesec/HandleKatz">codewhitesec/HandleKatz</a></td>
        <td>PIC lsass dumper using cloned handles</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/connormcgarr/tgtdelegation">connormcgarr/tgtdelegation</a></td>
+        <td>tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/cube0x0/MiniDump">cube0x0/MiniDump</a></td>
        <td>C# Lsass parser</td>
@ -1811,6 +1831,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/HunnicCyber/SharpDomainSpray">HunnicCyber/SharpDomainSpray</a></td>
        <td>Basic password spraying tool for internal tests and red teaming</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/icyguider/DumpNParse">icyguider/DumpNParse</a></td>
+        <td>A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/IlanKalendarov/PyHook">IlanKalendarov/PyHook</a></td>
        <td>PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.</td>
@ -1983,6 +2007,10 @@ Some tools can be categorized in more than one category. But because the current
            PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive
            information on the screen.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/vyrus001/go-mimikatz">vyrus001/go-mimikatz</a></td>
+        <td>A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/w1u0u1/minidump">w1u0u1/minidump</a></td>
        <td>Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.</td>
--- a/README.md
+++ b/README.md
@ -2894,6 +2894,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/haccer/twint">haccer/twint</a></td>
        <td>An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/hessman/gcert">hessman/gcert</a></td>
+        <td>Retrieves information about a given domain from the Google Transparency Report</td>
+    </tr>
    <tr>
        <td><a href="https://iknowwhatyoudownload.com/en/peer/">I Know What You Download</a></td>
        <td>Torrent downloads and distributions for IP</td>
@ -2978,6 +2982,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/ninoseki/mihari">ninoseki/mihari</a></td>
        <td>A helper to run OSINT queries & manage results continuously</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/ninoseki/mitaka">ninoseki/mikata</a></td>
+        <td>A browser extension for OSINT search</td>
+    </tr>
    <tr>
        <td><a href="https://data.occrp.org/">OCCRP Data</a></td>
        <td>Search 102m public records and leaks from 179 sources</td>
@ -3310,6 +3318,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/crytic/echidna">crytic/echidna</a></td>
        <td>Ethereum smart contract fuzzer</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/csienslab/ProMutator">csienslab/ProMutator</a></td>
+        <td>ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/crytic/slither">crytic/slither</a></td>
        <td>Static Analyzer for Solidity</td>