Devid Lana's Projects
OPSEC safe Kerberoasting in C#
A tool for generating fake code signing certificates or signing real ones
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
Mind-Maps of Several Things
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
LDAP library for auditing MS AD
NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
Strstr with user-supplied needle and filename as a BOF.
Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10!
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
Guaranteed compile-time string literal obfuscation header-only library for C++14
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
Tunneling and Port Forwarding Cheat Sheet
TCP Port Redirection Utility
Dump the memory of a PPL with a userland exploit
Red Team C code repo
Search tool to find specific files containing specific words, i.e. files containing passwords..
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Section Mapping Process Injection (secinject): Cobalt Strike BOF
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
.NET Project for performing Authenticated Remote Execution
.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
Shellcoding utilities
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state
Loading and executing shellcode in C# without PInvoke.
Gives you instant SYSTEM command prompt on all supported and legacy versions of Windows
Small portable AES128/192/256 in C