Pinned Repositories
0day
EXPs and PoCs for vulnerabilities in all kinds of CMSs, platforms, systems and software; this project will be updated continuously.
2022-HW-POC
A collection of PoCs from the 2022 护网 (HW, "network protection") exercise.
aksk_tool
AccessKey resource-management tool for Alibaba Cloud / Tencent Cloud / Huawei Cloud / AWS / UCloud / JD Cloud / Qiniu Cloud Storage AccessKey and AccessKeySecret pairs. Given an AK it enumerates resources and operates on them: runs commands on ECS/CVM/EC2/UHOST/ECI instances, manages OSS/COS/S3 storage, manages RDS/DB instances, manages domains, adds RAM/CAM/IAM accounts, and more.
CallBackDump
A tool for dumping the lsass process that evades Kaspersky, 核晶 (core-crystal) protection, Defender and other AV products.
CS-Remote-OPs-BOF
DumpThatLSASS
Dumps LSASS by unhooking MiniDumpWriteDump, using a fresh copy of DbgHelp.dll read from disk, plus function and string obfuscation. It contains an anti-sandbox check; if you run it in an under-powered virtual machine you need to uncomment the code related to it and recompile.
EHole
EHole (棱洞) 3.0, refactored edition: a fingerprinting tool for red teams to identify high-value target systems.
go-shellcode
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
GoBypassAV
A collection of Go-based AV-evasion techniques: 16 API-based evasion tests, 8 encryption tests, anti-sandbox tests, compile-time obfuscation, packing, resource modification and more, together with collected references and tools.
goEncrypt
Symmetric and asymmetric encryption wrapped in Go, ready to use: Triple DES, AES in CBC and CTR modes, RSA asymmetric encryption, and ECC elliptic-curve encryption and digital signatures.
1rm's Repositories
1rm/0day
EXPs and PoCs for vulnerabilities in all kinds of CMSs, platforms, systems and software; this project will be updated continuously.
1rm/EHole
EHole (棱洞) 3.0, refactored edition: a fingerprinting tool for red teams to identify high-value target systems.
1rm/go-shellcode
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
1rm/goEncrypt
Symmetric and asymmetric encryption wrapped in Go, ready to use: Triple DES, AES in CBC and CTR modes, RSA asymmetric encryption, and ECC elliptic-curve encryption and digital signatures.
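The goEncrypt description above lists AES-CBC, AES-CTR and ECC signatures. The following Go program is an added example written for this page, not code from goEncrypt or from any project listed here; it shows how those three pieces are used safely with the standard library: a fresh random IV per message, PKCS#7 padding that is checked before it is stripped, and ECDSA P-256 over a SHA-256 digest. The 32-byte key and the message are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

var errBadPadding = errors.New("bad padding")

// aesCTREncrypt prepends a random 16-byte IV to the CTR ciphertext.
// Reusing an IV under the same key leaks the XOR of the two plaintexts.
func aesCTREncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// aesCTRDecrypt reverses aesCTREncrypt. CTR has no integrity protection:
// flipping a ciphertext bit flips the same plaintext bit, so add a MAC or use AES-GCM.
func aesCTRDecrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than IV")
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCTR(block, data[:aes.BlockSize]).XORKeyStream(out, data[aes.BlockSize:])
	return out, nil
}

// pkcs7Pad always appends at least one byte, so an aligned input gets a full block.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad checks every padding byte and returns one generic error
// so that callers cannot distinguish padding failures from other failures.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errBadPadding
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errBadPadding
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errBadPadding
		}
	}
	return b[:len(b)-n], nil
}

// aesCBCEncrypt: PKCS#7 padding, random IV prepended, CBC mode.
func aesCBCEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// aesCBCDecrypt rejects malformed lengths before touching the cipher.
func aesCBCDecrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length invalid")
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(out, data[aes.BlockSize:])
	return pkcs7Unpad(out, aes.BlockSize)
}

// newSigningKey generates a fresh ECDSA P-256 key pair.
func newSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// ecdsaSign signs SHA-256(msg); ecdsaVerify checks the DER-encoded signature.
func ecdsaSign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func ecdsaVerify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed AES-256 key; derive real keys with a KDF
	msg := []byte("constructed sample message")
	ct, _ := aesCBCEncrypt(key, msg)
	pt, err := aesCBCDecrypt(key, ct)
	fmt.Printf("cbc round trip: %q err=%v\n", pt, err)
	priv, _ := newSigningKey()
	sig, _ := ecdsaSign(priv, msg)
	fmt.Println("signature valid:", ecdsaVerify(&priv.PublicKey, msg, sig))
}
```

Neither CBC nor CTR authenticates the ciphertext; a wrapper like this is safe to use for confidentiality only when the message is also MACed (or AES-GCM is used instead), and the single generic padding error in pkcs7Unpad is what keeps a CBC decryptor from becoming a padding oracle.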
1rm/goLang-injectors
Practice exercises for Go injection functions.
1rm/GolangBypassAV
Research into various ways of bypassing AV with Golang.
1rm/inject-assembly
Inject .NET assemblies into an existing process
1rm/InlineExecute-Assembly
InlineExecute-Assembly is a proof-of-concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork-and-run execute-assembly module.
1rm/PyShell
Multiplatform Python WebShell
1rm/RedTeamCSharpScripts
C# Script used for Red Team
1rm/Sharp-dumpkey
A small C# tool for retrieving the WeChat database key.
1rm/ThreadStackSpoofer
Thread Stack Spoofing: a PoC for an advanced in-memory evasion technique that better hides the memory allocation of injected shellcode from scanners and analysts.
1rm/universal
Universal Shared Library User-space Loader
1rm/520apkhook
Injects an MSF payload into an Android APK and bypasses the phone's security-manager app (手机管家).
1rm/amber
Reflective PE packer.
1rm/commando-tools
Just the Tools folder from FireEye Commando-VM
1rm/CPPPractice
C/C++ practice.
1rm/GoPurple
Yet another shellcode runner, consisting of different techniques for evaluating the detection capabilities of endpoint security solutions.
1rm/HiddenVNC
A simple hidden vnc.
1rm/LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
1rm/OLa
1rm/Pokemon-Shellcode-Loader
Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
1rm/Reptile
LKM Linux rootkit
1rm/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
1rm/Screenshooter
C# program to take a full-size screenshot or a recording of the user's desktop. Takes 0-3 flags.
1rm/SharpEventPersist
Persistence by writing shellcode to, and reading it back from, the Windows Event Log.
1rm/Skrull
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and signature scanning from the kernel. It generates launchers that run the malware on the victim using the Process Ghosting technique. The launchers are also anti-copy and naturally break when submitted to a sandbox.
1rm/UACME
Defeating Windows User Account Control
1rm/webshell-sample
Webshell samples collected from around the web, used to test the detection rate of webshell scanners.
1rm/WinPwnage
UAC bypass, Elevate, Persistence methods