From e6d0a0b7d9dc294537eb12151102662d981c7256 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Wed, 27 Oct 2021 16:29:56 +0700
Subject: [PATCH] Add: GetRektBoy724/SharpUnhooker to Defense Evasion section

---
 Offensive.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/Offensive.md b/Offensive.md
index 976481e..0a2497e 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -1064,6 +1064,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/EspressoCake/Toggle_Token_Privileges_BOF">EspressoCake/Toggle_Token_Privileges_BOF</a></td>
         <td>Syscall BOF to arbitrarily add/detract process token privilege rights.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/GhostPack/Certify">GhostPack/Certify</a></td>
+        <td>Active Directory certificate abuse.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/GhostPack/ForgeCert">GhostPack/ForgeCert</a></td>
         <td>ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.</td>
@@ -1334,6 +1338,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/Flangvik/RosFuscator">Flangvik/RosFuscator</a></td>
         <td>YouTube/Livestream project for obfuscating C# source code using Roslyn</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/GetRektBoy724/SharpUnhooker">GetRektBoy724/SharpUnhooker</a></td>
+        <td>C# Based Universal API Unhooker</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/GetRektBoy724/TripleS">GetRektBoy724/TripleS</a></td>
         <td>Syscall Stub Stealer - Freshly steal Syscall stub straight from the disk</td>
@@ -2009,10 +2017,6 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/FuzzySecurity/StandIn">FuzzySecurity/StandIn</a></td>
         <td>StandIn is a small .NET35/45 AD post-exploitation toolkit</td>
     </tr>
-    <tr>
-        <td><a href="https://github.com/GhostPack/Certify">GhostPack/Certify</a></td>
-        <td>Active Directory certificate abuse.</td>
-    </tr>
     <tr>
         <td><a href="https://github.com/improsec/ImproHound">improsec/ImproHound</a></td>
         <td>Identify the attack paths in BloodHound breaking your AD tiering</td>