Skip to content
View killswitch-GUI's full-sized avatar

Block or report killswitch-GUI

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
killswitch-GUI/README.md

Hi there 👋 here is a overview of my OSS.

⚡ Offensive Security Research & Tools

Over the years I have worked on various projects ranging from small research projects to team based projects in support of OSS. The following work spans over 10 years of OSS development, training, and research. Most of the code is research for other operational projects for red teaming, pentesting and IR.

💬 Confrence Talks & Research

OSINT
  • SimplyEmail - OSINT collection tool with various modules to extract emails for targeted phishing
  • SimplyTemplate - Phishing Template Generation for large scale phishing
  • simplydomain - SimplyDomain uses a framework approach to build and deploy modules within. This allows for fast, easy and, concise output to feed into larger OSINT feeds of subdomain collection.
Agents
  • DeepFreeze-Agent - Custom C++ agent to learn various Windows C APIs and WMI process, service, driver monitoring supporting dynamic rule creation. See confrence talk https://www.slideshare.net/AlexanderRymdekoHarv/rat-repurposing-adversarial-tradecraft
  • EmPyre - Core contributor on a team to develop EmPyre, a pure Python post-exploitation agent for OSX that was used on various Red Team engagements as limited OSS agents existed.
  • Empire - Core contributor on a team to support and develop on Empire after the python agent was merged into the Empire branch for cross platform operations.
Infrastructure
Host Collection & Modules
  • SetWindowsHookEx-Keylogger - Example implementation of a Windows C++ Native Keylogger using SetWindowsHookEx
  • HastySeries - C# toolset for offensive operators to triage, asses and make intelligent able decisions.
  • minidump-lib - C++ MiniDumpWriteDump static lib example, with CLI
  • Invoke-EncryptedZip.ps1 - Utility to make a encrypted and compressed Zip file from a provided folder. This allows users to stage files in a designated folder for exfil, or protection from final storage location.
  • Invoke-RPCArchitectureCheck%20.ps1 - A simple utility to use a crafted RPC packet to check a remote host's arch. Returns x86 or x64. It is based off research into remote service kernel exploitation and loaders.
Sniffers
  • Winsock-PCAP - Demonstrates a POC of how an older, yet still safe, method of native PCAP can take place using the Winsock2 library on Windows. This uses a reflective DLL injection to deploy and name pipes using a PowerShell POC communicator.
  • NIX-Sniffer-Examples - Linux Python 2.7 Socket sniffer (Layer 3 and up), OSX Libpcap monitor mode test and sniffer research
  • osx-libpcap-fullcap.py - OSX PCAP using python 2.7, libpcap, libc, and ctypes implemented in pure Python
Payloads & Loaders
  • InfoPhish - InfoPath C# embded .NET DLL with remote Process Hollowing
  • HotLoad-Driver - Loading Windows Drivers using Service Control Manager (SC) & Native Windows API's while embedding WinPCAP into RDI with Windows Pipes for control
  • PeFixUp - Windows PE Tainting pre-flight op checks for delivering PE's to disk. Provides operator ability to capture metadata, ensure opsec and taint/check key characteristics to prevent AV/Analysis.
Persistence
  • Persistence-Survivability - Research based on Duqu style persistence as a TTP to locate high uptime hosts within a network and calculate a Persistence Survivability Rating (PSR).
  • Invoke-InstallPsGPOPersistence - Provides the install of PS or Scripts persistence using reg keys and the proper .ini file to insert into GPO startup
Fuzzing
  • Fuzz-FFmpeg - Docker container to support AFL (afl-multicore) to Fuzz FFmpeg in a contained environment
🔭 Research
  • IsDebuggerPresent - Comparing three excellent debugger check TTPs for necessary sandbox and anti-reversing techniques and their detection ratios. With interest in the ability to alert on IR actions and potentially beacon out with maybe a magic packet or some other TTP to ID that we have been burnt.
  • C-OSX-Shellcode - Used to learn X86_x64 shellcode generation using ASM and compiled C code on OSX
  • Domain-WIFILocate

Popular repositories Loading

  1. CobaltStrike-ToolKit CobaltStrike-ToolKit Public

    Some useful scripts for CobaltStrike

    Shell 846 212

  2. PenTesting-Scripts PenTesting-Scripts Public

    A ton of helpful tools

    PowerShell 335 128

  3. HotLoad-Driver HotLoad-Driver Public

    C++

    C 79 76

  4. Persistence-Survivability Persistence-Survivability Public

    Powershell Persistence Locator

    PowerShell 66 26

  5. SetWindowsHookEx-Keylogger SetWindowsHookEx-Keylogger Public

    Windows C++ Native Keylogger using SetWindowsHookEx

    C++ 66 22

  6. lterm lterm Public

    lterm is a small script built to install a bash hook for full terminal logging.

    Python 53 9