Open-source offensive tools I created or had the occasion to contribute to.


FarsightAD

FarsightAD is a PowerShell script that implements multiple cmdlets to help detect and investigate Active Directory persistence following a forest or domain compromise. It relies on a mix of reviewing the current domain state and retrieving historical information / timestamps (notably from replication metadata) whenever possible.

Areas of persistence covered: fully or partially hidden objects (detected using replication data queried through DRS), SIDHistory and primaryGroupID persistence, ACL-, GPO-, AD CS- and Kerberos-based persistence, …

Qazeer/FarsightAD


EDRSandblast

EDRSandblast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (kernel callbacks and the ETW Threat Intelligence provider) and LSASS protections.
Multiple userland unhooking techniques are also implemented to evade userland monitoring.

Developed with Maxime Meignan

wavestone-cdt/EDRSandblast


OffensivePythonPipeline

Static standalone binaries for Linux and Windows (x64) of Python offensive tools.
Built using Docker for Windows, WSL2 and Make.

Qazeer/OffensivePythonPipeline


DFIR scripts

Various PowerShell or Python scripts to assist and automate tasks during digital forensics investigations.


GitHub Gists


Other contributions

Occasional contributions to open-source security projects, such as Metasploit, Priv2Admin, KapeFiles, PingCastle, Velociraptor’s Artifact Exchange, Microsoft-Extractor-Suite, etc.