TheWover
TheWover
Currently, the PE loader in SharpSploit does not support passing command-line arguments. Add it.
I added a path parameter to specify the search container. This is useful when looking up object properties or permissions, such as when checking Certificate Template access permissions.
What would you think about a parameter to specify to mimikatz what handle for LSASS to use? User would provide it as an integer, mimikatz would cast that as a...
Multiple Channels fail to create a session on Windows 7 / Server 2008. This appears to be an error in WinHTTP.  Tracing this through the Visual Studios debugger, I...
There is a case where a DLL's API Set reference may resolve to the original DLL. An example is `Kernel32.dll!InitializeProcThreadAttributeList`, which forwards to `api-ms-win-core-processthreads-l1-1-0.InitializeProcThreadAttributeList`, which resolves back to `Kernel32.dll!InitializeProcThreadAttributeList`. This...
Module Overloading without a decoy DLL set might as well be a game of Russian Roulette for how randomly it works and other-randomly it destroys all hope of whatever it...
Use the technique described by modexp in https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ and implemented in SysWhispers2 to derive syscall IDs by sorting the addresses of Zw* exports in ntdll.
Add a Deallocate function to allocation classes that cleans up the artifacts produced by the allocation. This should close relevant handles, clean up memory, and perform any other relevant OPSEC...
The current version of DInvoke does not resolve export forwards. It assumes that all exports are not forwarded. This may be demonstrated by attempting to resolve `kernel32.dll!InitializeSRWLock`.
Add functions to unhook particular API calls and refresh DLLs in their original memory space.