pr0tean Goto Github PK

aceldr

Cobalt Strike UDRL for memory scanner evasion.

active-directory-exploitation-cheat-sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

adiskreader

Async Python library to parse local and remote disk images.

alcatraz

x64 binary obfuscator

alternativeshellcodeexec

Alternative Shellcode Execution Via Callbacks

amaterasu

angryorchard

apache-log4j-poc

Apache Log4j 远程代码执行

apcldr

aquarmoury

My musings in C and offensive tooling

artifactkit

atompepacker

A Highly capable Pe Packer

bof-ryze

brown-bags

caro-kann

codecepticon

cronos

PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.

cve-2019-13051

dumpthatlsass

Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile.

dv-inj

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

echodrv

eload

Emotet Loader helps execute Emotet modules in isolation. Emotet is one of the most active botnets, that delivers its modules, such as credit card stealer or SMB spreader, to the user machines. Emotet Loader allows to run the modules separately from the core component and help analyzing their behavior.

epi

experiments

Expriments

filelessremotepe

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

filetest

flavortown

Various ways to execute shellcode

functionstomping

A new shellcode injection technique. Given as C++ header or standalone Rust program.

ghostmapper

gift