Hunting Queries for Defender ATP

Discover the location of nearby Telegram users 📡🌍

Living Off the Foreign Land setup scripts

application server attack toolkit

Yet Another Memory Analyzer for malware detection

A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.

PoC implementing heterogenous classifiers for IoT malware detection.

GitHub Data Analysis Framework.

Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

For when DLLMain is the only way

a tool to help operate in EDRs' blind spots

Nuclei templates for honeypots detection.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Syscall Shellcode Loader (Work in Progress)

Generate an obfuscated DLL that will disable AMSI & ETW

Nim-based assembly packer and shellcode loader for opsec & profit

A light-weight first-stage C2 implant written in Nim (and Rust).

GoDumpLsass is a simple tool that can dump lsass without to get caught by Windows Defender.

Process Monitor X v2

Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider

Sysmon-Like research tool for ETW

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.