Pinned Repositories
AntiAntiVirusNotes
Notes on learning antivirus evasion
BlackRAT
BlackRAT - Java Based Remote Administrator Tool
KBlast
Windows Kernel Offensive Toolset
Khepri
Free, open-source, cross-platform agent and post-exploitation tool written in Golang and C++.
Limelighter
A tool for generating fake code signing certificates or signing real ones
LinuxTQ
"Linux Privilege Escalation Tools and Methodology"
Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
paradoxiaRAT
ParadoxiaRat: Native Windows Remote Access Tool.
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
Keobjames's Repositories
Keobjames/KBlast
Windows Kernel Offensive Toolset
Keobjames/CVE-2023-35829-poc
CVE-2023-35829 Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Keobjames/Khepri
Free, open-source, cross-platform agent and post-exploitation tool written in Golang and C++.
Keobjames/Limelighter
A tool for generating fake code signing certificates or signing real ones
Keobjames/LinuxTQ
"Linux Privilege Escalation Tools and Methodology"
Keobjames/Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Keobjames/merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Keobjames/RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
Keobjames/AntiAntiVirusNotes
Notes on learning antivirus evasion
Keobjames/AtlasC2
C# C2 Framework centered around Stage 1 operations
Keobjames/awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Keobjames/code_injection
Implementation of several code injection techniques.
Keobjames/command
Quick reference for commonly used red team commands
Keobjames/Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
Keobjames/delete-self-poc
A way to delete a locked file, or current running executable, on disk.
Keobjames/FilelessPELoader
Loads a remote AES-encrypted PE into memory, decrypts it and runs it
Keobjames/Disable-TamperProtection
A POC to disable TamperProtection and other Defender / MDE components
Keobjames/ebpf-for-windows
eBPF implementation that runs on top of Windows
Keobjames/Heroinn
A cross platform C2/post-exploitation framework.
Keobjames/InjectTools
A tool that integrates DLL Ring0 injection, APC injection, thread hijacking, mapping injection and self privilege elevation
Keobjames/Jlaive_Crypter
🔰 Crypter 100% FUD AntiVirus Evasion | AES-256, XOR Bit Encryption
Keobjames/NiceKatz
A nice process dumping tool
Keobjames/o365spray
Username enumeration and password spraying tool aimed at Microsoft O365.
Keobjames/reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
Keobjames/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
Keobjames/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
Keobjames/ServiceMove-BOF
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
Keobjames/StopDefender
Stop Windows Defender programmatically
Keobjames/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Keobjames/WebShell-Bypass-Guide
A handbook for learning webshell antivirus evasion from scratch