Pinned Repositories
BypassETW_CSharp
Bypassing ETW with Csharp
DInvoke_shellcodeload_CSharp
ShellCodeLoader via DInvoke
EarlyBirdInjection_CSharp
Inject shellcode into process via "EarlyBird"
Fiber_ShellcodeExecution
Using fibers to execute shellcode in a local process via csharp
HellgateLoader_CSharp
Load shellcode via HELLGATE. A rewrite of Hellgate with .NET Framework for learning purposes.
HookDetection_CSharp
HookDetection
MappingInjection_CSharp
MappingInjection via csharp
NewNtdllBypassInlineHook_CSharp
Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.
PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
SysCall_ShellcodeLoad_Csharp
Load shellcode via syscall
Kara-4search's Repositories
Kara-4search/ProjectPics
For temp pictures
Kara-4search/ContainYourself
A POC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs.
Kara-4search/WinDefenderKiller
Windows Defender Killer | C++ code permanently disabling Windows Defender using registry keys
Kara-4search/CVE-2024-21338
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
Kara-4search/GhostFart
Kara-4search/HiddenDesktop
HVNC for Cobalt Strike
Kara-4search/LdrLibraryEx
A small x64 library to load DLLs into memory.
Kara-4search/rp-bf.rs
rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump
Kara-4search/Terminator
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
Kara-4search/acheron
indirect syscalls for AV/EDR evasion in Go assembly
Kara-4search/AFLplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Kara-4search/Amsi-Killer
Lifetime AMSI bypass
Kara-4search/BannerlordCoop
Kara-4search/Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
Kara-4search/clash_for_windows_pkg
A Windows/macOS GUI based on Clash
Kara-4search/CVE-2023-36168
An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component
Kara-4search/DefenderYara
Extracted Yara rules from Windows Defender mpavbase and mpasbase
Kara-4search/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
Kara-4search/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Kara-4search/GodPotato
Kara-4search/gpt4free
Decentralising the AI industry, just some language model APIs...
Kara-4search/Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
Kara-4search/LdrLockLiberator
For when DLLMain is the only way
Kara-4search/maldev
Golang library for malware development and red teamers
Kara-4search/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Kara-4search/proc-macro-workshop
Learn to write Rust procedural macros [Rust Latam conference, Montevideo Uruguay, March 2019]
Kara-4search/quivr
🧠 Dump all your files and chat with it using your Generative AI Second Brain using LLMs ( GPT 3.5/4, Private, Anthropic, VertexAI ) & Embeddings 🧠
Kara-4search/ShellWasp
ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Windows syscalls. ShellWasp is built for 32-bit, WoW64. ShellWasp 2.0 includes novel ways to invoke the syscall in WoW64.
Kara-4search/SignatureGate
Weaponized HellsGate/SigFlip
Kara-4search/vmprotect-3.5.1