Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

C#

Python

JavaScript

Kotlin

C

Emacs Lisp

C++

PHP

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

R

Scala

Dart

Racket

C#

C++

PHP

F#

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇯🇲 Jamaica

🇨🇼 Curaçao

🇭🇺 Hungary

🇯🇪 Jersey

🇭🇹 Haiti

🇦🇷 Argentina

🇱🇨 Saint Lucia

🇰🇪 Kenya

All Countries Compare Countries

blackarrowsec/Handly

Stars
129
Rank 278,190 (Top 6 %)
Language
C#
License
Apache License 2.0
Created 10 months ago
Updated 10 months ago

blackarrowsec/Handly

blackarrowsec

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Abuse leaked token handles.

Handly

Leverage leaked token handles to perform privilege escalation. This technique has been detailed in this post.

The technique is implemented for the following technologies:

IIS: A simple ASPX webshell is provided that lists the available user tokens and allows to impersonate them to run an arbitrary executable present in the compromised host.
MSSQL: A python script is provided that will load several C# assemblies, allowing to manipulate the user tokens available in the MSSQL's process memory.

redteam-research

Collection of PoC and offensive techniques used by the BlackArrow Red Team

mssqlproxy

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

pivotnacci

A tool to make socks connections through HTTP agents

EAP_buster

EAP_buster is a simple bash script that lists what EAP methods are supported by the RADIUS server behind a WPA-Enterprise access point

wappy

Discover web technologies in web applications from your terminal

advisories

Advisories and Proofs of Concept by BlackArrow

malware-research

Malware campaigns and APTs research by BlackArrow

fozar

Fozar allows you to traverse commits across multiple repositories matching against user supplied regex

wap

Wappalyzer python library

tactical-hunting

EDR-Evaluation-Methodology

This project implements a methodology for evaluating EDR solutions according to our Threat Hunting model