Stars
Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h
ripgrep recursively searches directories for a regex pattern while respecting your gitignore
Let's analyze one of the ways to bypass SmartScreen and write our own simple cryptor that runs the shellcode
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs
Rust library for performing remote process injection, originally written for use in Tempest c2 project
Lateral Movement Using DCOM and DLL Hijacking
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading
A list of Python tools to help create an OPSEC-safe Cobalt Strike profile.
Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
A feature-rich command-line audio/video downloader
Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Bypass AMSI and Defender using Ordinal Values
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features, with dual-build support
Burp plugin that automatically decrypts encrypted messages through custom hooks and supports linkage with sqlmap, xray, etc., making testing encrypted messages as simple as testing plaintext.
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
fengjixuchui / SharpBeacon
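Forked from mai1zhi2/SharpBeacon
CobaltStrike Beacon written in .Net 4. The stager and Beacon are rewritten in .NET, including a series of features such as normal check-in, file management, process management, token management, injection combined with SysCall, native port forwarding, and disabling ETW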
Allows WhatsApp users to extract their cipher key and databases on non-rooted Android devices.