Darktortue

Darktortue's Stars

• tsale/EDR-Telemetry

  This project aims to compare and evaluate the telemetry of various EDR products.

  Language:Python1.7k5429158

• JustasMasiulis/lazy_importer

  library for importing functions from dlls in a hidden, reverse engineer unfriendly way

  Language:C++1.7k4155222

• Mr-Un1k0d3r/SCShell

  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

  Language:C1.4k285236

• dchrastil/ScrapedIn

  A tool to scrape LinkedIn without API restrictions for data reconnaissance

  Language:Python1k2519138

• Xacone/BestEdrOfTheMarket

  Little user-mode AV/EDR evasion lab for training & learning purposes

  Language:C++995154110

• SafeBreach-Labs/PoolParty

  A set of fully-undetectable process injection techniques abusing Windows Thread Pools

  Language:C++952133132

• es3n1n/obfuscator

  PE bin2bin obfuscator

  Language:C++607171857

• Cracked5pider/LdrLibraryEx

  A small x64 library to load dll's into memory.

  Language:C42412272

• vxlang/vxlang-page

  protector & obfuscator & code virtualizer

  Language:C++410111230

• MaorSabag/TrueSightKiller

  CPP AV/EDR Killer

  Language:C++3556361

• TheD1rkMtr/TakeMyRDP

  A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

  Language:C++3546063

• Krypteria/AtlasLdr

  Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

  Language:C++35310159

• Prepouce/CoercedPotato

  A Windows potato to privesc

  Language:C3424665

• S3cur3Th1sSh1t/Caro-Kann

  Encrypted shellcode Injection to avoid Kernel triggered memory scans

  Language:C3405439

• Mr-Un1k0d3r/.NetConfigLoader

  .net config loader

  3084033

• KingOfTheNOPs/cookie-monster

  BOF to steal browser cookies & credentials

  Language:C2205726

• hackerhouse-opensource/OffensiveLua

  Offensive Lua.

  Language:Lua1753124

• nettitude/Tartarus-TpAllocInject

  Language:C++17310126

• ph4nt0mbyt3/Darkside

  C# AV/EDR Killer using less-known driver (BYOVD)

  Language:C#1563028

• cpu0x00/SharpReflectivePEInjection

  reflectively load and execute PEs locally and remotely bypassing EDR hooks

  Language:C#1482226

• naksyn/ProcessStomping

  A variation of ProcessOverwriting to execute shellcode on an executable's section

  Language:PowerShell1452327

• HuskyHacks/SharpTokenFinder

  C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps

  Language:C#1331021

• zimnyaa/noWatch

  Implant drop-in for EDR testing

  Language:C1277019

• Z4kSec/IoctlHunter

  IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.

  Language:Python901110

• Speedi13/Custom-GetProcAddress-and-GetModuleHandle-and-more

  Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions

  Language:C++827019

• Allevon412/BreadManModuleStomping

  Language:C38205

• Sh0ckFR/API-Hashing

  A basic exemple of the API-Hashing method used by Red Teamers but also by malwares developers in C++

  Language:C++35204

• Hagrid29/CertifyKit

  Active Directory certificate abuse

  Language:C#32103

• p4p1/havoc-store

  A simple website to act as a store for havoc modules and extensions

  Language:JavaScript22107

• wh0amitz/CTFCON2023-POC

  Language:C#18205