0x00Check

Security Engineer interested in offensive security and malware.👾Self-taught programmer; open to constructive criticism and eager to expand my knowledge!

Pinned Repositories

0x00Check.github.io
Language:Sass1 1 00
Amaterasu
Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
Language:C++69 4 219
ExploitLeakedHandle
Identify and exploit leaked handles for local privilege escalation.
Language:C++104 4 115
Find-UserlandHooks
PowerShell script to find NTDLL functions that may be hooked by AV or EDR by comparing what exists on disk with the loaded ntdll module.
Language:PowerShell7 1 02
Get-SyscallID
PowerShell script to retrieve the system call numbers for Nt/Zw functions exported in NTDLL.
Language:PowerShell2 1 02
MS13-098
PowerShell script to append data to executables without invalidating their digital signature. (MS13-098)
Language:PowerShell6 1 00
Process_Injection_Framework
PIF is a tool that facilitates injecting & executing arbitrary code in remote processes through various process injection techniques.
Language:C#2 1 00
PsSetCreateProcessNotifyRoutineEx
Minimal driver that calls PsSetCreateProcessNotifyRoutineEx and writes basic process information to the kernel debugger. For educational purposes.
Language:C++4 1 01

0x00Check's Repositories

0x00Check/ExploitLeakedHandle
Identify and exploit leaked handles for local privilege escalation.
Language:C++104 4 115
0x00Check/Amaterasu
Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
Language:C++69 4 219
0x00Check/Find-UserlandHooks
PowerShell script to find NTDLL functions that may be hooked by AV or EDR by comparing what exists on disk with the loaded ntdll module.
Language:PowerShell7 1 02
0x00Check/MS13-098
PowerShell script to append data to executables without invalidating their digital signature. (MS13-098)
Language:PowerShell6 1 00
0x00Check/PsSetCreateProcessNotifyRoutineEx
Minimal driver that calls PsSetCreateProcessNotifyRoutineEx and writes basic process information to the kernel debugger. For educational purposes.
Language:C++4 1 01
0x00Check/Get-SyscallID
PowerShell script to retrieve the system call numbers for Nt/Zw functions exported in NTDLL.
Language:PowerShell2 1 02
0x00Check/Process_Injection_Framework
PIF is a tool that facilitates injecting & executing arbitrary code in remote processes through various process injection techniques.
Language:C#2 1 00
0x00Check/0x00Check.github.io
Language:Sass1 1 00

0x00Check

Pinned Repositories

0x00Check.github.io

Amaterasu

ExploitLeakedHandle

Find-UserlandHooks

Get-SyscallID

MS13-098

Process_Injection_Framework

PsSetCreateProcessNotifyRoutineEx

0x00Check's Repositories

0x00Check/ExploitLeakedHandle

0x00Check/Amaterasu

0x00Check/Find-UserlandHooks

0x00Check/MS13-098

0x00Check/PsSetCreateProcessNotifyRoutineEx

0x00Check/Get-SyscallID

0x00Check/Process_Injection_Framework

0x00Check/0x00Check.github.io