Stars
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
mkaring / ConfuserEx
Forked from yck1509/ConfuserEx. An open-source, free protector for .NET applications
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
Powerful+Fast+Low Privilege Kubernetes discovery tools
A repository of sysmon configuration modules
Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
Port of Cobalt Strike's Process Inject Kit
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
Weaponizing privileged file write bugs with Windows Problem Reporting
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…
PoC Implementation of a fully dynamic call stack spoofer
A proof of concept demonstrating DLL-load proxying using undocumented syscalls.
Encrypted shellcode injection to avoid kernel-triggered memory scans
A modern 32/64-bit position independent implant template
Threadless Process Injection through entry point hijacking
Loads a remote AES-encrypted PE in memory, decrypts it, and runs it
Linux/Windows post-exploitation framework made by a Linux user
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
The recursive internet scanner for hackers. 🧡
Creates a new thread that suspends every other thread and encrypts its stack, goes to sleep, then decrypts the stacks and resumes the threads
Threadless Process Injection using remote function hooking.