Pinned Repositories
Akira-obfuscator
Another LLVM-obfuscator based on LLVM-17. A fork of Arkari
C2
A basic C2 framework written in C
cave_miner
Search for code cave in all binaries
CaveCarver
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
DojoLoader
Generic PE loader for fast prototyping evasion techniques
ErebusGate
ErebusGate for Nim, to bypass AV/EDR
Nim-Bypass-ETW-NtTraceEvent
Nim ETW bypass for NtTraceEvent
Nim-Hide
Windows API to hide the console window, written in Nim
Shellcode-Hastur
Shellcode entropy reduction tools
SymFromAddress
Uses the DbgHelp library to resolve symbols and dynamically obtain function addresses in a specified module
Haunted-Banshee's Repositories
Haunted-Banshee/Shellcode-Hastur
Shellcode entropy reduction tools
Haunted-Banshee/C2
A basic C2 framework written in C
Haunted-Banshee/DojoLoader
Generic PE loader for fast prototyping evasion techniques
Haunted-Banshee/SymFromAddress
Uses the DbgHelp library to resolve symbols and dynamically obtain function addresses in a specified module
Haunted-Banshee/Akira-obfuscator
Another LLVM-obfuscator based on LLVM-17. A fork of Arkari
Haunted-Banshee/cave_miner
Search for code cave in all binaries
Haunted-Banshee/CaveCarver
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
Haunted-Banshee/CrimsonEDR
Simulate the behavior of AV/EDR for malware development training.
Haunted-Banshee/dse_hook
Load an unsigned kernel driver by patching DSE in 248 lines
Haunted-Banshee/Dynamic-Windows-API-Resolver
A simple to use single-include Windows API resolver
Haunted-Banshee/edr_blocker
Blocks EDR telemetry by performing a Person-in-the-Middle attack in which network filtering is applied using iptables. The blocked destination IP addresses are derived from the server name in the TLS Client Hello packet and the provided list of blocked server names (or blocked strings) in the file.
Haunted-Banshee/EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
Haunted-Banshee/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Haunted-Banshee/ETWListicle
List the ETW provider(s) in the registration table of a process.
Haunted-Banshee/flower
A modified CONTEXT-based ROP chain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
Haunted-Banshee/ImmoralFiber
Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration and Fiber injection capability PoC tool) and PhantomThread (an evolved callstack-masking implementation)
Haunted-Banshee/LayeredSyscall
Generating legitimate call stack frames along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR hooks in Windows.
Haunted-Banshee/LoudSunRun
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
Haunted-Banshee/no-defender
A slightly more fun way to disable Windows Defender (through the WSC API).
Haunted-Banshee/OST-C2-Spec
Open Source C&C Specification
Haunted-Banshee/RemoteKrbRelay
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Haunted-Banshee/rp
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
Haunted-Banshee/RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.
Haunted-Banshee/shadow-rs
Windows Kernel Rootkit in Rust 🦀
Haunted-Banshee/SharpIncrease
A tool that aims to evade AV with binary padding
Haunted-Banshee/SharpNado
Repository to gather all .NET malware related code snippets or programs I will develop
Haunted-Banshee/thread_namecalling
Process Injection using Thread Name
Haunted-Banshee/TrickDump
Dump lsass using only NTAPIs, running 3 programs to create 3 JSON files and 1 ZIP file... and generate the Minidump later!
Haunted-Banshee/VectorKernel
PoCs for kernel-mode rootkit techniques research.
Haunted-Banshee/Win32_Offensive_Cheatsheet
Win32 and Kernel abusing techniques for pentesters