Stars
My Notes about Penetration Testing
Documents Exfiltration project for fun and educational purposes
Apple BLE proximity pairing message spoofing
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
Finds Domain Controller on a network, enumerates users, AS-REP Roasting and hash cracking, bruteforces password, dumps AD users, DRSUAPI, scans SMB/NFS shares for passwords, scans for remote access…
A collection of PoCs for different injection techniques on Windows!
Offensive Software Exploitation Course
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table
Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, and reverting back memory protections and original memory state
A running list of Windows sources and the related event ids.
Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
Code for our DLS'21 paper - BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware. BODMAS is short for Blue Hexagon Open Dataset for Malware AnalysiS.
HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys th…
Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing
This map lists the essential techniques to bypass anti-virus and EDR
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interac…
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…
GPT 3.5/4 with a Chat Web UI. No API key required.
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume threads
kill anti-malware protected processes ( BYOVD )