Pinned Repositories
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
Amsi-Go
AmsiHooker
Hookers are cooler than patches.
Apuntes
AQUARMOURY
My musings in C and offensive tooling
SharpShooter
Payload Generation Framework
Insideus's Repositories
Insideus/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Insideus/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
Insideus/Invoke-DLLClone
Koppeling x Metatwin x LazySign
Insideus/HOLLOW
EarlyBird process hollowing technique (BOF) - spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode
Insideus/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com
Insideus/RTOVMSetup
Insideus/SharpNoPSExec
Fileless command execution for lateral movement.
Insideus/capsulecorp-pentest
Vagrant VirtualBox environment for conducting an internal network penetration test
Insideus/Stracciatella
OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Insideus/SharpBlock
A method of bypassing EDR active protection DLLs by preventing entry point execution
Insideus/NativePayload_CBT
NativePayload_CallBackTechniques C# code (code execution via the callback-functions technique, without the CreateThread native API)
Insideus/AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
Insideus/SharpShooter
Payload Generation Framework
Insideus/ESC
Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
Insideus/OffensiveCSharp
Collection of Offensive C# Tooling
Insideus/Callback_Shellcode_Injection
POCs for Shellcode Injection via Callbacks
Insideus/Empire
Empire is a PowerShell and Python 3.x post-exploitation framework.
Insideus/waf-bypass
WAF bypass script (Python3)
Insideus/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Insideus/RedTeamCCode
Red Team C code repo
Insideus/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
Insideus/cThreadHijack
Beacon Object File (BOF) for remote process injection via thread hijacking
Insideus/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
Insideus/stealthInjector
Injects shellcode into remote processes using direct syscalls
Insideus/openedr
Open EDR public repository
Insideus/Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
Insideus/building-c2-implants-in-cpp
The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogunlab).
Insideus/SharpMapExec
Insideus/AQUARMOURY
My musings in C and offensive tooling
Insideus/sRDI
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode