avred. Analyse your malware to surgically obfuscate it
537RedEdr. Collect Windows telemetry for Maldev
493SuperMega. Stealthily inject shellcode into an executable
473antnium. A C2 framework for initial access in Go
199lxd-webgui. A lightweight web frontend for LXD
170BurpSentinel. GUI Burp Plugin to ease discovering of security holes in web applications
153yookiterm-slides. Exploitation and Mitigation Slides
135ffw. A fuzzing framework for network servers
122DetonatorAgent. Detonate redteam tools on VMs and get logs & detection status
96detonator. Orchestrate detonating redteam artifacts in VMs with different EDRs to see their detection surface.
63yookiterm-challenges. The challenge writeups and solutions for yookiterm-challenge-files
37ShellcodeObfuscationLab. Test bench lab for Shellcode Obfuscation
37avred-server. The AMSI server for Avred
33defender2db. Convert Microsoft Defender Antivirus Signatures (VDM) into SQL DB
29antniumui. The Web UI for Antnium
27waasa. Windows Application Attack Surface Analyzer
25yookiterm-challenges-files. Challenge files which are deployed in the container for the user
25ace-firefist. Attack chain emulator. Write recipes for initial access easily
24defender2yara. Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
24clang-cfi-safestack-analysis. C
23badfiles. A detailed list of potentially dangerous file extensions
18ttpExtractor. Extract the Procedures (TTP) from CTI reports
18rosenbridge. A graphical user interface for Magic Wormhole file transfer
13dmsr. Does My Shit Run - Linux Monitoring Solution
11SentinelTestbed. Vulnerable web site. Used to test sentinel features.
11RedEdrUi. Test UI for RedEdr
6security_presentations. My Talks and Presentations - PDF export
6LinEnum. Scripted Local Linux Enumeration & Privilege Escalation Checks
5DisableWinR. Block Win-R shortcut
5defender2db_data. Data from defender2db
4yookiterm-server. Main yookiterm backend
4windows-api-function-cheatsheets. A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
4RefleXXion. RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
3HijackLibs. Project for tracking publicly disclosed DLL Hijacking opportunities.
3ffw-docker. Docker image of FFW
3tinysploit2-writeup. Solution and writeup for tinysploit2 challenge
3ffweb. A webgui to view crash information of fuzzing runs (FFW)
3SemiDataSieve. JS to view, filter and sort unstructured data like procmon
2yookiterm. yookiterm web frontend
2xtarget. Python OpenCL project to use with Laser bullets including augmented reality
2xrop-esp32. Patched xrop to support ESP32 architecture for gadget aquisition
2DetonatorLab. C
2nkeyrollover. ASCII side-scrolling beat-em-up game
2go-shellcode. A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
2yookiterm-lxdserver. Yookiterm LXD backend server
2zeroballistics. interactive 5.56 rifle ballistics visualizer
2godot-srcvis. Python
1GenAI-Security-Adventures. Jupyter Notebook
1mydumbedr. C
1proxybypasser. Bypass proxy download restrictions with JavaScript download
1ipsctrainor. arduino IPSC trigger trainer
1waasa-reflector. return a file via HTTP with certain file extension and magic type
1ROPNotepadNG. Exploitlab ROPNotepad extended
1malshaft. Malware analysis with fuzzy hashes on functions and their basic blocks
1