Pinned Repositories
DNS-Polygraph
Tool designed to study the answers of your DNS resolver and make it easier to identify techniques such as DNS Hijacking/Poisoning
DoublePulsar-Volatility
Volatility plugin to help identify the DoublePulsar implant by listing the SrvTransaction2DispatchTable array of pointers from the srv.sys driver.
Hidden-Cobra-Proxy
Nmap NSE script to detect the proxy component of the Hidden Cobra APT attributed to the North Korean government
metasploit-framework
Metasploit Framework
Pazuzu
Pazuzu: Reflective DLL to run binaries from memory
PlcInjector
Modbus stager in assembly and some scripts to upload/download data to the holding register of a PLC
post-exploitation
Post Exploitation Collection
reflectPatcher
Python script to patch the reflective stub in a DLL
tlsInjector
Python script to inject and run shellcodes through TLS callbacks
Windows-One-Way-Stagers
Windows Stagers to circumvent restrictive network environments
BorjaMerino's Repositories
BorjaMerino/Pazuzu
Pazuzu: Reflective DLL to run binaries from memory
BorjaMerino/Windows-One-Way-Stagers
Windows Stagers to circumvent restrictive network environments
BorjaMerino/PlcInjector
Modbus stager in assembly and some scripts to upload/download data to the holding register of a PLC
BorjaMerino/DNS-Polygraph
Tool designed to study the answers of your DNS resolver and make it easier to identify techniques such as DNS Hijacking/Poisoning
BorjaMerino/reflectPatcher
Python script to patch the reflective stub in a DLL
BorjaMerino/DoublePulsar-Volatility
Volatility plugin to help identify the DoublePulsar implant by listing the SrvTransaction2DispatchTable array of pointers from the srv.sys driver.
BorjaMerino/Hidden-Cobra-Proxy
Nmap NSE script to detect the proxy component of the Hidden Cobra APT attributed to the North Korean government
BorjaMerino/metasploit-framework
Metasploit Framework
BorjaMerino/SheLLVM
A collection of LLVM transform and analysis passes to write shellcode in regular C
BorjaMerino/MlwScripts
Scripts for malware analysis
BorjaMerino/Cobaltstrike-Detection
This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared
BorjaMerino/Cyber-Defence
Information released publicly by NCC Group's Cyber Defence team
BorjaMerino/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
BorjaMerino/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
BorjaMerino/InfinityHook
Hook system calls, context switches, page faults and more.
BorjaMerino/rvmi
rVMI - A New Paradigm For Full System Analysis
BorjaMerino/stuff
Repository for no purpose
BorjaMerino/advisories
Advisories and Proofs of Concept by BlackArrow
BorjaMerino/Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
BorjaMerino/HyperDbg
The Source Code of HyperDbg Debugger 🐞
BorjaMerino/memdlopen-lib
BorjaMerino/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
BorjaMerino/pivotnacci
A tool to make socks connections through HTTP agents
BorjaMerino/Revenant
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
BorjaMerino/SigThief
Stealing Signatures and Making One Invalid Signature at a Time
BorjaMerino/siofra
BorjaMerino/ThreatIntelligenceDiscordBot
Gets updates from various clearnet domains and ransomware threat actor domains
BorjaMerino/transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
BorjaMerino/webshell
This is a webshell open source project
BorjaMerino/xknow_infosec
Random Stuff for Cyber Security Incident Response