ricardojoserf

Ship it!

Ricardo Ruiz ricardojoserf

Ship it!

Out of service

519 followers · 39 following

Achievements

ricardojoserf.github.io Public

My personal blog. Website: https://ricardojoserf.github.io/

SCSS 2 1 Updated Dec 8, 2025
spotify-playlist-downloader Public

Downloading Spotify Playlists

spotify-playlist spotify spotify-api spotify-playlist-downloader no-more-ads-spotify-plz

Python 28 5 Updated Dec 6, 2025
SAMDump Public

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation

malware-development red-team security-tools redteam ntapi redteam-tools red-team-tools

C++ 216 29 Updated Nov 15, 2025
amazon-mwaa-RCE Public

RCE in Amazon Managed Workflows for Apache Airflow (MWAA) service

exploit rce amazon-web-services mwaa aws-mwaa

Python 8 1 Updated Aug 14, 2025
DoubleTeam Public

Listener that spawns a new tmux window for each incoming reverse shell + Supports listening on many ports

reverse-shell sockets netcat listener command-and-control

Python 57 3 Updated Jul 13, 2025
MemorySnitcher Public

Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)

malware malware-research malware-development red-team ntapi ntreadvirtualmemory

C++ 41 6 Updated Jul 7, 2025
instagram-user-id Public

Get the user ID of any user in instagram

instagram instagram-api instagram-bot followers-instagram instagram-user

Python 39 6 Updated Jun 17, 2025
ricardojoserf.herokuapp.com Public

My personal blog

angularjs adminlte adminlte-template mean-stack nodejs-server particles-js

Python 1 Updated Jun 17, 2025
emqx-RCE Public

EMQX Dashboard Malicious Plugin leading to RCE

exploit rce emqx emqx-dashboard emqx-plugin

Erlang 44 3 Apache License 2.0 Updated Jun 16, 2025
TrickDump Public

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

security-tools mimikatz lsass ntapi redteam-tools ntdll-unhooking lsass-dump

C# 525 57 Updated May 9, 2025
NativeDump Public

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

security-tools lsass ntapi redteam-tools ntdll-unhooking lsass-dump

C# 694 97 Updated May 7, 2025
network-providers Public

Tests with Network Providers DLLs, adding some extra functionality to NPPSpy2 by @gtworek

winlogon network-provider credential-harvesting network-provider-dll

C 9 Updated Apr 29, 2025
dns-exfiltration Public

Notes and custom scripts for DNS exfiltration

dns-exfiltration

Python 4 2 Updated Apr 14, 2025
NativeNtdllRemap Public

Remap ntdll.dll using only NTAPI functions with a suspended process

malware-development ntapi redteam-tools edr-evasion ntdll-unhooking

C++ 26 5 Updated Apr 13, 2025
ricardojoserf Public

Github profile readme

1 1 Updated Apr 11, 2025
NativeBypassCredGuard Public

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

ntapi redteam-tools wdigest ntdll-unhooking credential-guard

C++ 263 33 Updated Apr 8, 2025
NativeTokenImpersonate Public

Impersonate Tokens using only NTAPI functions

malware-development ntapi redteam-tools token-impersonation edr-evasion

C++ 83 22 Updated Apr 4, 2025
github-star-counter Public

Count the exact number of stars for any Github user

github-stars stars starcounter stargazers-count stargazers starcount github-statistics

Python 1 1 Updated Mar 28, 2025
SharpNado Public

Repository to gather the .NET malware I will be developing

malware-research malware-development

18 6 Updated Mar 23, 2025
p-invoke.net Public

P/Invoke definitions from the most-of-the-time offline offline pinvoke.net. Website: https://ricardojoserf.gitbook.io/pinvoke

pinvoke malware-development

23 11 Updated Mar 23, 2025
writeups Public

Vulnhub and HTB writeups

writeups walkthrough vulnhub htb hack-the-box htb-writeups

Python 2 2 MIT License Updated Mar 20, 2025
lsass-dumper-csharp Public

Custom lsass.exe dump using C#: XOR-encoding, Dynamic function resolution, using NTAPIs...

C# 5 3 Updated Mar 17, 2025
FakeRebootAlert Public

Simple Windows Forms App to deceive users into rebooting the system upon login. Useful when you have updated a registry key such as PPL and need a safe reboot

startup-script social-engineering-attacks redteam red-team-tools

C# 5 1 Updated Nov 26, 2024
BOF_Files Public

Repository to gather the BOF files I will be developing

cobalt-strike command-and-control bof beacon-object-file

C 10 2 Updated Oct 1, 2024
goNtdllOverwrite Public

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process

malware-development edr-bypass edr-evasion ntdll-unhooking

Go 4 3 Updated Jul 10, 2024
pyNtdllOverwrite Public

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process

malware-development edr-bypass edr-evasion ntdll-unhooking

Python 5 2 Updated Jul 9, 2024
SharpNtdllOverwrite Public

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URL

malware-development edr-evasion ntdll-unhooking maldev-academy

C# 9 4 Updated Jul 9, 2024
SharpProcessDump Public

Dump memory regions of a process using NtQueryVirtualMemory and NtReadVirtualMemory

dumper process-dump forensics-tools

C# 7 2 Updated Jul 2, 2024
SharpCovertTube Public

Youtube as C2 channel - Control Windows systems uploading QR videos to Youtube

qr-code covert-channel security-tools command-and-control redteam redteam-tools c2-framework

C# 97 12 Updated Jun 24, 2024
OSED-prep Public

Exploits written while preparing for the OSED exam

osed wumed exp-301

Python 26 6 Updated Apr 30, 2024

Ricardo Ruiz ricardojoserf

Achievements

Achievements

ricardojoserf.github.io Public

Uh oh!

spotify-playlist-downloader Public

Uh oh!

SAMDump Public

Uh oh!

amazon-mwaa-RCE Public

Uh oh!

DoubleTeam Public

Uh oh!

MemorySnitcher Public

Uh oh!

instagram-user-id Public

Uh oh!

ricardojoserf.herokuapp.com Public

Uh oh!

emqx-RCE Public

Uh oh!

TrickDump Public

Uh oh!

NativeDump Public

Uh oh!

network-providers Public

Uh oh!

dns-exfiltration Public

Uh oh!

NativeNtdllRemap Public

Uh oh!

ricardojoserf Public

Uh oh!

NativeBypassCredGuard Public

Uh oh!

NativeTokenImpersonate Public

Uh oh!

github-star-counter Public

Uh oh!

SharpNado Public

Uh oh!

p-invoke.net Public

Uh oh!

writeups Public

Uh oh!

lsass-dumper-csharp Public

Uh oh!

FakeRebootAlert Public

Uh oh!

BOF_Files Public

Uh oh!

goNtdllOverwrite Public

Uh oh!

pyNtdllOverwrite Public

Uh oh!

SharpNtdllOverwrite Public

Uh oh!

SharpProcessDump Public

Uh oh!

SharpCovertTube Public

Uh oh!

OSED-prep Public

Uh oh!