Zurich

Dobin Rutishauser

Elite
@dobin

avred. Analyse your malware to surgically obfuscate it

537

RedEdr. Collect Windows telemetry for Maldev

493

SuperMega. Stealthily inject shellcode into an executable

473

antnium. A C2 framework for initial access in Go

199

lxd-webgui. A lightweight web frontend for LXD

170

BurpSentinel. GUI Burp Plugin to ease discovering of security holes in web applications

153

yookiterm-slides. Exploitation and Mitigation Slides

135

ffw. A fuzzing framework for network servers

122

DetonatorAgent. Detonate redteam tools on VMs and get logs & detection status

96

detonator. Orchestrate detonating redteam artifacts in VMs with different EDRs to see their detection surface.

63

yookiterm-challenges. The challenge writeups and solutions for yookiterm-challenge-files

37

ShellcodeObfuscationLab. Test bench lab for Shellcode Obfuscation

37

avred-server. The AMSI server for Avred

33

defender2db. Convert Microsoft Defender Antivirus Signatures (VDM) into SQL DB

29

antniumui. The Web UI for Antnium

27

waasa. Windows Application Attack Surface Analyzer

25

yookiterm-challenges-files. Challenge files which are deployed in the container for the user

25

ace-firefist. Attack chain emulator. Write recipes for initial access easily

24

defender2yara. Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB

24

clang-cfi-safestack-analysis. C

23

badfiles. A detailed list of potentially dangerous file extensions

18

ttpExtractor. Extract the Procedures (TTP) from CTI reports

18

rosenbridge. A graphical user interface for Magic Wormhole file transfer

13

dmsr. Does My Shit Run - Linux Monitoring Solution

11

SentinelTestbed. Vulnerable web site. Used to test sentinel features.

11

RedEdrUi. Test UI for RedEdr

6

security_presentations. My Talks and Presentations - PDF export

6

LinEnum. Scripted Local Linux Enumeration & Privilege Escalation Checks

5

DisableWinR. Block Win-R shortcut

5

defender2db_data. Data from defender2db

4

yookiterm-server. Main yookiterm backend

4

windows-api-function-cheatsheets. A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

4

RefleXXion. RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

3

HijackLibs. Project for tracking publicly disclosed DLL Hijacking opportunities.

3

ffw-docker. Docker image of FFW

3

tinysploit2-writeup. Solution and writeup for tinysploit2 challenge

3

ffweb. A webgui to view crash information of fuzzing runs (FFW)

3

SemiDataSieve. JS to view, filter and sort unstructured data like procmon

2

yookiterm. yookiterm web frontend

2

xtarget. Python OpenCL project to use with Laser bullets including augmented reality

2

xrop-esp32. Patched xrop to support ESP32 architecture for gadget aquisition

2

DetonatorLab. C

2

nkeyrollover. ASCII side-scrolling beat-em-up game

2

go-shellcode. A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.

2

yookiterm-lxdserver. Yookiterm LXD backend server

2

zeroballistics. interactive 5.56 rifle ballistics visualizer

2

godot-srcvis. Python

1

GenAI-Security-Adventures. Jupyter Notebook

1

mydumbedr. C

1

proxybypasser. Bypass proxy download restrictions with JavaScript download

1

ipsctrainor. arduino IPSC trigger trainer

1

waasa-reflector. return a file via HTTP with certain file extension and magic type

1

ROPNotepadNG. Exploitlab ROPNotepad extended

1

malshaft. Malware analysis with fuzzy hashes on functions and their basic blocks

1
54
Apply