FatCyclone

Pentester / Red Team Operator

FatCyclone's Stars

awesome-selfhosted/awesome-selfhosted
A list of Free Software network services and web applications which can be hosted on your own servers
211k 2.7k 80310k
BeichenDream/GodPotato
Language:C#1.8k 10 13226
Idov31/Nidhogg
Nidhogg is an all-in-one simple to use windows kernel rootkit.
Language:C++1.8k 36 16278
threatexpress/malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
1.6k 42 13298
paranoidninja/CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
Language:Python1.3k 55 14282
ZeroMemoryEx/Terminator
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
Language:C++936 19 10155
JLospinoso/gargoyle
A memory scanning evasion technique
Language:C++848 29 5115
chvancooten/NimPlant
A light-weight first-stage C2 implant written in Nim (and Rust).
Language:Rust817 13 22109
CCob/ThreadlessInject
Threadless Process Injection using remote function hooking.
Language:C#735 11 084
Cracked5pider/Ekko
Sleep Obfuscation
Language:C705 14 1103
klezVirus/CheeseTools
Self-developed tools for Lateral Movement/Code Execution
Language:C#694 23 1141
zodiacon/windowskernelprogrammingbook
The Windows Kernel Programming book samples
Language:C++616 20 6127
ZeroMemoryEx/Amsi-Killer
Lifetime AMSI bypass
Language:C++609 9 492
AlmondOffSec/PassTheCert
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
Language:C#587 8 1773
Idov31/Cronos
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Language:C568 10 263
namazso/MagicSigner
Signtool for expired certificates
Language:C++463 15 151
zblurx/dploot
DPAPI looting remotely and locally in Python
Language:Python433 7 1456
thefLink/DeepSleep
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
Language:C352 9 156
waldo-irc/YouMayPasser
You shall pass
Language:PowerShell250 10 051
S12cybersecurity/RDPCredentialStealer
RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++
Language:C++238 8 137
rad9800/hwbp4mw
Language:C++223 4 050
tothi/serviceDetector
Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.
Language:Python218 5 124
codewhitesec/Lastenzug
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
Language:Go213 3 131
xalicex/Killers
Exploitation of process killer drivers
Language:C193 8 223
Semperis/GoldenGMSA
GolenGMSA tool for working with GMSA passwords
Language:C#137 3 221
CymulateResearch/Blindside
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
Language:C++114 4 118
0xthirteen/AssemblyHunter
Find .net assemblies locally
Language:C#95 4 119
xalicex/LOLDrivers_finder
Language:Python73 2 010
zyn3rgy/ClickonceHunter
Golang search engine scraper intended for identification of published ClickOnce deployments
Language:Go69 3 07
tothi/malicious-service
Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions
Language:C13 3 05

FatCyclone

FatCyclone's Stars

awesome-selfhosted/awesome-selfhosted

BeichenDream/GodPotato

Idov31/Nidhogg

threatexpress/malleable-c2

paranoidninja/CarbonCopy

ZeroMemoryEx/Terminator

JLospinoso/gargoyle

chvancooten/NimPlant

CCob/ThreadlessInject

Cracked5pider/Ekko

klezVirus/CheeseTools

zodiacon/windowskernelprogrammingbook

ZeroMemoryEx/Amsi-Killer

AlmondOffSec/PassTheCert

Idov31/Cronos

namazso/MagicSigner

zblurx/dploot

thefLink/DeepSleep

waldo-irc/YouMayPasser

S12cybersecurity/RDPCredentialStealer

rad9800/hwbp4mw

tothi/serviceDetector

codewhitesec/Lastenzug

xalicex/Killers

Semperis/GoldenGMSA

CymulateResearch/Blindside

0xthirteen/AssemblyHunter

xalicex/LOLDrivers_finder

zyn3rgy/ClickonceHunter

tothi/malicious-service