This is your work, valued
Security Engineer w/ interests in offensive security and malware. ๐พ Self-taught programmer; open to constructive criticism and eager to expand knowledge.
ExploitLeakedHandle. Identify and exploit leaked handles for local privilege escalation.
111Amaterasu. Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
81MS13-098. PowerShell script to append data to executables without invalidating their digital signature. (MS13-098)
10Find-UserlandHooks. PowerShell script to find NTDLL functions that may be hooked by AV or EDR by comparing what exists on disk with the loaded ntdll module.
10PsSetCreateProcessNotifyRoutineEx. Minimal driver that calls PsSetCreateProcessNotifyRoutineEx and writes basic process information to the kernel debugger. For educational purposes.
5Get-SyscallID. PowerShell script to retrieve the system call numbers for Nt/Zw functions exported in NTDLL.
4Process_Injection_Framework. PIF is a tool that facilitates injecting & executing arbitrary code in remote processes through various process injection techniques.
2