VT-stealer Public
VirusTotal Stealer is a data exfiltration tool that exfiltrates Office documents and tunnels them over the VirusTotal API to the team server.
IP-Hunter Public
Hunt for C2 servers and phishing websites using the VirusTotal API; the code can be modified to kill the malicious process.
reactos Public
Forked from reactos/reactos. A free Windows-compatible operating system.
ShellcodeCompiler Public
Forked from NytroRST/ShellcodeCompiler. Shellcode Compiler.
DocPlz Public
Document exfiltration project for fun and educational purposes.
FilelessPELoader Public
Loads a remote AES-encrypted PE into memory, decrypts it and runs it.
APTmulate Public
This repository focuses on replicating the behavioral patterns observed in well-documented APT campaigns.
10 · Updated Aug 20, 2023
D1rkInject Public
Another approach to the threadless injection discovered by @_EthicalChaos_, written in C: it loads a module into the target process and stomps it, then reverts the memory protections and the original memory state.
PSpersist Public
Drops a PowerShell script at %HOMEPATH%\Documents\WindowsPowershell\ that contains the implant's path, so that whenever a powershell process is created the implant is executed too.
AMSI_patch Public
Patches AmsiOpenSession by forcing it into its error branch.
ntdlll-unhooking-collection Public
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, and from a remote server (fileless).
GithubC2 Public
GitHub as C2 demonstration: a free API means free C2 infrastructure.
UnhookingPatch Public
Bypass EDR hooks by patching the NT API stub, resolving SSNs and syscall instruction addresses at runtime.
StackCrypt Public
Creates a new thread that suspends every other thread and encrypts its stack, then sleeps, then decrypts the stacks and resumes the threads.
HeapCrypt Public
Encrypts the heap while sleeping by hooking Sleep and replacing it with a custom sleep that encrypts the heap.
TakeMyRDP Public
A keystroke logger targeting Remote Desktop Protocol (RDP) related processes. It uses a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.ex…
D1rkLdr Public
Shellcode loader with an indirect dynamic syscall implementation: shellcode stored in MAC format, API resolving from the PEB, and syscall numbers and syscall instruction addresses resolved at run time.
Shellcode-Hide Public
This repo contains: a simple shellcode loader, encoders (base64, custom, UUID, IPv4, MAC), encryptors (AES), and fileless loaders (WinHTTP, socket).
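The MAC, IPv4 and UUID formats mentioned for D1rkLdr and Shellcode-Hide are one trick: split the shellcode into fixed-size chunks and write each chunk as a string that looks like a network identifier, so the payload sits in source as an array of harmless-looking strings and is rebuilt in memory at run time by a Windows string-parsing API (RtlIpv4StringToAddressA for IPv4, RtlEthernetStringToAddressA for MAC, UuidFromStringA for UUID). The block below is an added Python example, not code from either repository; the dash separators, upper-case hex, NOP (0x90) padding and helper names are assumptions. The UUID encoder deliberately uses the little-endian field order that UuidFromStringA writes to memory, so the bytes a loader gets back match the original.

```python
"""Encode shellcode as IPv4 / MAC / UUID strings and decode it back.

Added example, not part of the D1rkLdr or Shellcode-Hide repositories.
The sample bytes below are constructed for the demo and are not a real payload.
"""
import ipaddress
import uuid
from typing import List, Optional

# Constructed sample (10 bytes) so that every format needs padding.
SAMPLE = b"\x48\x31\xc0\x48\x83\xc0\x3c\x0f\x05\xc3"

NOP = 0x90  # assumption: loaders pad with NOPs so the tail still executes


def _chunks(data: bytes, size: int) -> List[bytes]:
    """Split data into size-byte chunks, NOP-padding the last one."""
    pad = (-len(data)) % size
    data += bytes([NOP]) * pad
    return [data[i:i + size] for i in range(0, len(data), size)]


def _strip(data: bytes, length: Optional[int]) -> bytes:
    """Drop the padding once the original length is known."""
    return data if length is None else data[:length]


# IPv4: 4 bytes per string, e.g. "72.49.192.72" (RtlIpv4StringToAddressA on Windows)
def encode_ipv4(data: bytes) -> List[str]:
    return [str(ipaddress.IPv4Address(c)) for c in _chunks(data, 4)]


def decode_ipv4(addrs: List[str], length: Optional[int] = None) -> bytes:
    return _strip(b"".join(ipaddress.IPv4Address(a).packed for a in addrs), length)


# MAC: 6 bytes per string, dash-separated as RtlEthernetStringToAddressA expects
def encode_mac(data: bytes) -> List[str]:
    return ["-".join(f"{b:02X}" for b in c) for c in _chunks(data, 6)]


def decode_mac(macs: List[str], length: Optional[int] = None) -> bytes:
    raw = b"".join(bytes.fromhex(m.replace("-", "").replace(":", "")) for m in macs)
    return _strip(raw, length)


# UUID: 16 bytes per string. UuidFromStringA stores Data1/Data2/Data3 little-endian,
# so encode from bytes_le and decode with bytes_le to get the original layout back.
def encode_uuid(data: bytes) -> List[str]:
    return [str(uuid.UUID(bytes_le=c)) for c in _chunks(data, 16)]


def decode_uuid(uuids: List[str], length: Optional[int] = None) -> bytes:
    return _strip(b"".join(uuid.UUID(u).bytes_le for u in uuids), length)


def to_c_array(name: str, strings: List[str]) -> str:
    """Render the strings as a C initializer a loader can paste in."""
    body = ",\n".join(f'    "{s}"' for s in strings)
    return f"const char* {name}[] = {{\n{body}\n}};\n"


if __name__ == "__main__":
    for label, enc, dec in (("ipv4", encode_ipv4, decode_ipv4),
                            ("mac", encode_mac, decode_mac),
                            ("uuid", encode_uuid, decode_uuid)):
        encoded = enc(SAMPLE)
        assert dec(encoded, len(SAMPLE)) == SAMPLE
        print(to_c_array(f"{label}_shellcode", encoded))
```

The decoders return the NOP padding unless the original length is passed, which is exactly what a loader sees: it must either carry the real length alongside the strings or rely on the padding being executable.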
NTDLLReflection Public
Bypass userland EDR hooks by loading a reflective ntdll into memory from a remote server, chosen by the Windows ReleaseID, to avoid opening a handle to ntdll, and calling the exported APIs from its export table.
SweetDreams Public
Forked from CognisysGroup/SweetDreams. Implementation of advanced module stomping and heap/stack encryption.
HadesLdr Public
Forked from CognisysGroup/HadesLdr. Shellcode loader implementing indirect dynamic syscalls, API hashing, and fileless shellcode retrieval using Winsock2.
BlockNonMSModules Public
Sets the process mitigation policy to load only Microsoft-signed modules, blocking any third-party userland modules.
BlockOpenHandle Public
Blocks any process from opening a handle to your process; only SYSTEM is allowed to open a handle to it. This keeps out remote memory scanners that run without SYSTEM privileges (it does not stop SYSTEM-level or kernel-mode scanners).
ocd-mindmaps Public
Forked from Orange-Cyberdefense/ocd-mindmaps. Orange Cyberdefense mindmaps.
D1rkSleep Public
Improved version of EKKO by @5pider that encrypts only the image sections.
nt5src Public
Forked from tongzx/nt5src. Source code of Windows XP (NT5). Leaks are not from me; I just extracted the archive and cabinet files.
windows-XP-SP1 Public
Forked from wolewd/windows-XP-SP1. Windows XP SP1 source code leaked online.