Stars
A proof of concept demonstrating DLL-load proxying using undocumented syscalls.
A post-exploitation powershell tool for extracting juicy info from memory.
Lightweight, memory-safe, zero-allocation library for reading and navigating PE binaries.
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
Cheat sheet to detect and remove linux kernel rootkit
A machine learning tool that ranks strings based on their relevance for malware analysis.
This code unhooks EDR Windows API calls and dumps the LSASS process
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
AV/EDR evasion via direct system calls.
A repository of sysmon configuration modules
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
Detection Wizard brings YARA, Suricata, Sigma, Sysmon, QRadar, Splunk, and IOCs into one powerful interface for powerful rule management and threat detection.
Search a filesystem for indicators of compromise (IoC).
✒️ Adding digital signature into ELF binary files.
DNS Tunneling using powershell to download and execute a payload. Works in CLM.
NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other mean…
OWASP Web Application Security Testing Checklist
Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
A fast, simple, recursive content discovery tool written in Rust.
Windows Local Privilege Escalation Cookbook
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
BloodyAD is an Active Directory Privilege Escalation Framework
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.