Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Nix

Python

CSS

Lua

Assembly

Java

Scala

CoffeeScript

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Go

Elixir

C#

Julia

F#

PowerShell

PHP

Dart

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇲🇺 Mauritius

🇯🇲 Jamaica

🇭🇹 Haiti

🇨🇦 Canada

🇹🇴 Tonga

🇫🇮 Finland

🇦🇸 American Samoa

🇮🇹 Italy

All Countries Compare Countries

blackarrowsec/Handly

Stars
130
Rank 277,575 (Top 6 %)
Language
C#
License
Apache License 2.0
Created 11 months ago
Updated 11 months ago

blackarrowsec/Handly

blackarrowsec

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Abuse leaked token handles.

Handly

Leverage leaked token handles to perform privilege escalation. This technique has been detailed in this post.

The technique is implemented for the following technologies:

IIS: A simple ASPX webshell is provided that lists the available user tokens and allows to impersonate them to run an arbitrary executable present in the compromised host.
MSSQL: A python script is provided that will load several C# assemblies, allowing to manipulate the user tokens available in the MSSQL's process memory.

redteam-research

Collection of PoC and offensive techniques used by the BlackArrow Red Team

mssqlproxy

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

pivotnacci

A tool to make socks connections through HTTP agents

EAP_buster

EAP_buster is a simple bash script that lists what EAP methods are supported by the RADIUS server behind a WPA-Enterprise access point

wappy

Discover web technologies in web applications from your terminal

malware-research

Malware campaigns and APTs research by BlackArrow

advisories

Advisories and Proofs of Concept by BlackArrow

wap

Wappalyzer python library

fozar

Fozar allows you to traverse commits across multiple repositories matching against user supplied regex

tactical-hunting

EDR-Evaluation-Methodology

This project implements a methodology for evaluating EDR solutions according to our Threat Hunting model