My Notes about Penetration Testing

VirusTotal Stealer is a DATA Exfiltration tool that exfitrate office documents and tunnel them over VirusTotal API to the Team Server

Documents Exfiltration project for fun and educational purposes

Apple BLE proximity pairing message spoofing

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

PowerJoker is a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.

Finds Domain Controller on a network, enumerates users, AS-REP Roasting and hash cracking, bruteforces password, dumps AD users, DRSUAPI, scans SMB/NFS shares for passwords, scans for remote access…

A collection of PoCs for different injection techniques on Windows!

SIEM Cheat Sheet

Offensive Software Exploitation Course

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, and reverting back memory protections and original memory state

A running list of Windows sources and the related event ids.

Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Rust in-memory dumper

Code for our DLS'21 paper - BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware. BODMAS is short for Blue Hexagon Open Dataset for Malware AnalysiS.

HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys th…

Create PDFs with HTML smuggling attachments that save on opening the document.

BlackLotus UEFI Windows Bootkit

Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing

Native Syscalls Shellcode Injector

This map lists the essential techniques to bypass anti-virus and EDR

Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

A command-line utility designed to help you discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn'…

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

GPT 3.5/4 with a Chat Web UI. No API key required.

Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes