Stars
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
xoreaxeaxeax / movfuscator
Forked from Battelle/movfuscator. The single instruction C compiler
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Simple (relatively) things allowing you to dig a bit deeper than usual.
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Connect like there is no firewall. Securely.
Situational Awareness commands implemented using Beacon Object Files
LSASS memory dumper using direct system calls and API unhooking.
Fileless lateral movement tool that relies on ChangeServiceConfigA to run commands
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Tool for injecting a shared object into a Linux process
A memory-based evasion technique which makes shellcode invisible from process start to end.
Original C Implementation of the Hell's Gate VX Technique
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".