Lead Red Teamer & Malware Dev, Reverse engineering for fun and analyzing Winternals
OffensiveRust. Rust Weaponization for Red Team Engagements.
3kTartarusGate. TartarusGate, Bypassing EDRs
666NamelessC2. Nameless C2 - A C2 with all its components written in Rust
283RedLizard. RedLizard Rust TCP Reverse Shell Server/Client
135LdrLoadDll-Unhooking. LdrLoadDll Unhooking
131Enyx. Enyx SNMP IPv6 Enumeration Tool
106EDR_Detector. EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system.
94CReadMemory. Read Memory without ReadProcessMemory for Current Process
90UDPlant. UDP implant
67PrimitiveInjection. PrimitiveInjection by using Read, Write and Allocation Primitives.
53Lenum. Linux Enumeration / Privilege escalation tool
26Brave_Browser_1Day_POC. This is a crash for Brave Browser I found in New Years Eve, used to be a 0day when I found it
17Elastic_Panel_AutoInstall. Spawn Up quickly Elastic EDR Panel
14BlindBrowse. Android BlindBrowser : Real Time Navigation on Android devices with no display.
4BlackLotus. BlackLotus UEFI Windows Bootkit
4CursedChrome. Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
3ghost. A sample client/server architecture
3LdrLockLiberator. For when DLLMain is the only way
2Obfuscator. A program for obfuscating C strings
2Stinger. CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
2Rustic64. 64-bit, position-independent implant template for Windows in Rust.
2lib-nosa. ViperX Research Labs
2PSBits. Simple (relatively) things allowing you to dig a bit deeper than usual.
2ntoskrnl. The Windows Research Kernel (WRK)
2shrk. LKM rootkit for modern kernels, with DNS C2 and a simple web interface
2Veil. Windows internal undocumented API.
2Chrome-App-Bound-Encryption-Decryption. Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
2minhook. The Minimalistic x86/x64 API Hooking Library for Windows
2clr-thing. rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.
2Stardust. An modern 64-bit position independent implant template
2azure-hunting. Collection of hunting resources for Microsoft Azure
1doublepulsar-rdp. Another unfinished doublepulsar RDP variant from years ago. Demonstrates hooking McsDispatch, never wrote the hook itself
1CTF. Repo for storing CTF related stuff (Writeups, etc.)
1GraphSpy. Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
1azurehound-queries. Collection of BloodHound queries for Azure
1MicrosoftWontFixList. A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
1Ox-C2. Command & Control server and agent written in Rust
1socker. Checks SOCKS Proxy List To find Working Proxies
1RedEdr. Collect Windows telemetry for Maldev
1ReflectiveLoader. A Reflective Loader for macOS
1AlanFramework. A C2 post-exploitation framework
1WinVisor. WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API
1container_sec_workstation. Shell
1Lastenzug. Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
1clroxide. A rust library that allows you to host the CLR and execute dotnet binaries.
1MemFiles. A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
1PPID-Spoofing. POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.
1ShimMe. C++
1bootdoor. Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE
1