Starred repositories
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
A C library for reading, creating, and modifying zip archives.
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Collection of Beacon Object Files (BOF) for Cobalt Strike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
A way to delete a locked file, or current running executable, on disk.
Collection of UAC Bypass Techniques Weaponized as BOFs
HookChain: A new perspective for Bypassing EDR Solutions
A library for loading a DLL module from memory, bypassing the Windows PE loader (x86/x64)
Simulate the behavior of AV/EDR for malware development training.
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
The Definitive Guide To Process Cloning on Windows
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
Inject .NET assemblies into an existing process
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…