This is your work, valued

Poland

Mariusz Banach

Elite
@mgeeky

๐Ÿ”ด Red Team operator. ๐Ÿ‘พ Windows malware afficionado. ๐Ÿ›ก๏ธ Securing the world by stealing cyber criminals' operation theater

Penetration-Testing-Tools. A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

3k

ThreadStackSpoofer. Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

1.2k

PackMyPayload. A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

1.2k

ShellcodeFluctuation. An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

1.1k

cobalt-arsenal. My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

1.1k

ProtectMyTooling. Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable.

1.1k

RedWarden. Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

997

decode-spam-headers. A script that helps you understand why your E-Mail ended up in Spam

696

Stracciatella. OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

541

ElusiveMice. Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

490

tomcatWarDeployer. Apache Tomcat auto WAR deployment & pwning penetration testing tool.

444

UnhookMe. UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red Teams malware

349

SharpWebServer. Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality

287

AzureRT. AzureRT - A Powershell module implementing various Azure Red Team tactics

233

msidump. MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.

230

expdevBadChars. Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.

210

VisualBasicObfuscator. Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments.

148

Exploit-Development-Tools. A bunch of my exploit development helper tools, collected in one place.

148

RobustPentestMacro. This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

147

msi-shenanigans. Proof of Concept code and samples presenting emerging threat of MSI installer files.

92

PE-library. Lightweight Portable Executable parsing library and a demo peParser application.

80

procmon-filters. SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral analysis of testing specimens. Inspired and based on Lenny Zeltser's collection.

71

HEVD_Kernel_Exploit. Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.

67

PhishingPost. PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter

61

dirbuster. wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assingments

42

burpContextAwareFuzzer. BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.

41

CustomXMLPart. A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.

39

ntfs-journal-viewer. Utterly simple NTFS Journal dumping utility. Handy when it comes to Computer Forensics and Malware Forensics Ops.

38

digitalocean-app-redirector. Reverse-HTTP Redirector via DigitalOcean Apps Platform

33

LISET. Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident response (either forensic or malware oriented).

32

EvilClippy. A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

26

RPISEC-MBE-Solutions. Solutions to the RPISEC MBE / Modern Binary Exploitation VM & course.

22

PEInfo. Another Portable Executable files analysing stuff

21

prc_xchk. User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.

19

wifi-arsenal. WiFi arsenal

17

unhook-bof. Remove API hooks from a Beacon process.

14

injectAllTheThings. Seven different DLL injection techniques in one single project.

12

OfficePurge. C#

11

mgeeky.

10

SharpWMI. SharpWMI is a C# implementation of various WMI functionality.

9

proxy2. HTTP/HTTPS proxy with custom plugins loading capability.

9

Phishious. An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.

8

o365enum. Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.

8

CS-Remote-OPs-BOF. C

8

ScareCrow. ScareCrow - Payload creation framework designed around EDR bypass.

7

Havoc. The Havoc Framework

7

AQUARMOURY. My musings in C and offensive tooling

6

ssf. Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform

6

C2concealer. C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

6

artifacts-kit. Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

6

SharpShooter. Payload Generation Framework

5

linux-utils. Some linux utils I've coded and decided to share.

5

Autorize. Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

3

rpivot. socks4 reverse proxy for penetration testing

3

malleable-c2. Cobalt Strike Malleable C2 Design and Reference Guide

3

The-Hacker-Recipes. This project is aimed at freely providing technical guides on various hacking topics.

3

Bloodhound-Custom-Queries. Custom Query list for the Bloodhound GUI based off my cheatsheet

2

SharpHound. The BloodHound C# Ingestor

2

ADVobfuscator. Obfuscation library based on C++11/14 and metaprogramming

2

pinjectra. Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)

2