Pinned Repositories
ADSrunner
Writes a collected UUID byte array to an Alternate Data Stream of the current binary; the ADS Runner then reads that data back, converts it into a char table of UUID shellcode and runs it
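The ADSrunner entry above hinges on one detail that an added example makes concrete: shellcode stored as UUID strings only decodes in the right byte order if the encoder mirrors how Windows' UuidFromStringA lays out a GUID (the first three fields are little-endian on x86/x64). The Python below is an added illustration, not code from ADSrunner; it encodes a constructed byte sample into UUID strings, shows the scrambled result of the naive big-endian encoding, and adds a hunting heuristic that counts UUID-shaped literals in a stream's content. The NOP padding byte and the detection threshold are assumptions, not values taken from the project.

```python
import re
import uuid
from typing import List

# UuidFromStringA parses "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" into a GUID
# struct {u32 Data1; u16 Data2; u16 Data3; u8 Data4[8]}. On x86/x64 the first
# three fields are stored little-endian, so an encoder that wants byte N of the
# payload to land at offset N of the decoded buffer must use the 'bytes_le' view.
CHUNK = 16
PAD = b"\x90"  # x86 NOP for the final partial chunk (assumption: x86/x64 payload)


def shellcode_to_uuids(shellcode: bytes) -> List[str]:
    """Encode raw bytes as UUID strings that UuidFromStringA decodes back in order."""
    padded = shellcode + PAD * (-len(shellcode) % CHUNK)
    return [str(uuid.UUID(bytes_le=padded[i:i + CHUNK]))
            for i in range(0, len(padded), CHUNK)]


def naive_shellcode_to_uuids(shellcode: bytes) -> List[str]:
    """The common mistake: hex-splitting each chunk in big-endian (RFC 4122) order."""
    padded = shellcode + PAD * (-len(shellcode) % CHUNK)
    return [str(uuid.UUID(bytes=padded[i:i + CHUNK]))
            for i in range(0, len(padded), CHUNK)]


def uuids_to_shellcode(uuids: List[str]) -> bytes:
    """Loader-side model: the contiguous buffer left behind by UuidFromStringA calls."""
    return b"".join(uuid.UUID(u).bytes_le for u in uuids)


# Detection side: a UUID-shaped literal, matched on raw bytes (works on an ADS dump).
UUID_RE = re.compile(rb"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b")


def count_uuid_literals(blob: bytes) -> int:
    """Count UUID-shaped strings in a file's or stream's content."""
    return len(UUID_RE.findall(blob))


def looks_like_uuid_shellcode(blob: bytes, threshold: int = 8) -> bool:
    """Benign binaries carry a few GUIDs (COM CLSIDs); dozens back-to-back is a signal.
    The threshold is an assumption to tune per environment."""
    return count_uuid_literals(blob) >= threshold


if __name__ == "__main__":
    # Constructed stand-in for a payload: 20 incrementing bytes, not real shellcode.
    sample = bytes(range(1, 21))
    encoded = shellcode_to_uuids(sample)
    print(encoded)
    # ['04030201-0605-0807-090a-0b0c0d0e0f10', '14131211-9090-9090-9090-909090909090']
    print(uuids_to_shellcode(encoded) == sample + PAD * 12)  # True
    # Naive encoding decodes with the first dword reversed:
    print(uuids_to_shellcode(naive_shellcode_to_uuids(sample))[:4].hex())  # 04030201
    stream = b"\n".join(u.encode() for u in encoded)  # constructed ADS content
    print(count_uuid_literals(stream))  # 2
```

On Windows the stream itself can be inspected with `dir /r` or `Get-Item -Stream *`; the regex above is meant to run over the dumped stream bytes, not over the file's default data stream only.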
BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
BypassNeo-reGeorg
AV-evading version of Neo-reGeorg
chromepass
Fetching passwords from the chrome browser database
ChTimeStamp
Changes the creation time and last-write time of a dropped file to those of another file, e.g. the timestamps of "kernel32.dll"
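Copying a system DLL's timestamps onto a dropped file, as ChTimeStamp above does, only rewrites the $STANDARD_INFORMATION attribute that SetFileTime can reach; NTFS also keeps a $FILE_NAME attribute that user-mode tools do not change. The Python below is an added example, not part of ChTimeStamp, showing the checks a forensic analyst would run over already-parsed MFT timestamps: $SI creation older than $FN creation, an exact 100 ns-precision match with a known donor file such as kernel32.dll, and zeroed sub-second fields. The records and the kernel32.dll reference times are constructed; MFT parsing itself is assumed to have been done by another tool.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Tuple


@dataclass
class MftTimes:
    """Creation / last-write pairs from one MFT record.

    si_*: $STANDARD_INFORMATION, the values SetFileTime (and so a timestomping
          tool) rewrites.
    fn_*: $FILE_NAME, set on create/rename only and not reachable from user mode.
    Assumption: these were parsed out of the MFT by a separate parser.
    """
    path: str
    si_created: datetime
    si_written: datetime
    fn_created: datetime
    fn_written: datetime


Reference = Dict[str, Tuple[datetime, datetime]]  # donor name -> (created, written)


def timestomp_indicators(rec: MftTimes, references: Reference) -> List[str]:
    """Return the list of timestomping indicators that fire for one record."""
    hits: List[str] = []
    # 1. Normal file operations never leave $SI creation earlier than $FN creation.
    if rec.si_created < rec.fn_created:
        hits.append("si_created precedes fn_created")
    # 2. Copying a donor's FILETIMEs yields an exact match down to 100 ns.
    for name, (created, written) in references.items():
        if rec.si_created == created and rec.si_written == written:
            hits.append(f"timestamps identical to {name}")
    # 3. Tools that build FILETIME from a whole-second clock leave zero sub-seconds.
    if rec.si_created.microsecond == 0 and rec.si_written.microsecond == 0:
        hits.append("sub-second fields are zero")
    return hits


def scan(records: List[MftTimes], references: Reference) -> Dict[str, List[str]]:
    """Map every path to its indicators (empty list means nothing suspicious)."""
    return {rec.path: timestomp_indicators(rec, references) for rec in records}


# Constructed reference: on a real host, read these from %SystemRoot%\System32\kernel32.dll.
UTC = timezone.utc
K32_CREATED = datetime(2023, 5, 10, 12, 34, 56, 123456, UTC)
K32_WRITTEN = datetime(2023, 5, 10, 12, 34, 57, 654321, UTC)
REFERENCES: Reference = {"kernel32.dll": (K32_CREATED, K32_WRITTEN)}

# Constructed records: a stomped dropper and an untouched text file.
SAMPLE = [
    MftTimes(r"C:\Users\Public\update.exe",
             K32_CREATED, K32_WRITTEN,
             datetime(2024, 6, 1, 9, 0, 0, 500000, UTC),
             datetime(2024, 6, 1, 9, 0, 0, 500000, UTC)),
    MftTimes(r"C:\Users\Public\notes.txt",
             datetime(2024, 6, 1, 10, 0, 0, 250000, UTC),
             datetime(2024, 6, 2, 8, 0, 0, 750000, UTC),
             datetime(2024, 6, 1, 10, 0, 0, 250000, UTC),
             datetime(2024, 6, 1, 10, 0, 0, 250000, UTC)),
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE, REFERENCES).items():
        print(path, "->", hits or "clean")
```

The exact-match check only catches copies from donors you list, so populate the reference table from the DLLs an attacker is likely to pick (kernel32.dll, ntdll.dll, a few others in System32); the $SI-before-$FN check needs no such list and is the more general of the two.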
CVE-2023-36723
PPLdump
Dump the memory of a PPL with a userland exploit
ShellcodeLoader_code1
General-purpose AV-evading Windows shellcode generator, able to bypass detection by Microsoft Defender, 360, Huorong, Panda and other antivirus products.
UEditorGetShell
Batch GetShell for the UEditor editor / Code by: Tas9er
MsF-NTDLL's Repositories
MsF-NTDLL/Keylogger1
A keylogger written in C that has evasion in mind
MsF-NTDLL/adiskreader-secretsdump
Extract registry and NTDS secrets from local or remote disk images
MsF-NTDLL/android_autorooter
Remotely exfiltrate sensitive user data from apps on Android 12 and 13 using the CVE-2024-0044 vulnerability
MsF-NTDLL/APT-Attack-Simulation
This repository is a compilation of APT simulations that target many vital sectors, both private and governmental. The simulations include written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks; these tools and TTPs are simulated here.
MsF-NTDLL/APT_Step_Bear_Inject
Reproduction of "EDR's Nightmare: Storm-0978 Uses the Novel Kernel Injection Technique 'Step Bear'"
MsF-NTDLL/BenevolentLoader
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
MsF-NTDLL/bsprishtina-2024-maldev-workshop
BSides Prishtina 2024 Malware Development and Persistence workshop
MsF-NTDLL/cnext-exploits
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()
MsF-NTDLL/CVE-2023-36424
Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation
MsF-NTDLL/CVE-2024-21111
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
MsF-NTDLL/CVE-2024-26229
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
MsF-NTDLL/CVE-2024-30088
MsF-NTDLL/CVE_2024_30078_POC_WIFI
Basic proof of concept for the latest Windows Wi-Fi driver CVE
MsF-NTDLL/damnCoffee
A simple AV-evading post-exploitation loader that bypasses AV/EDR
MsF-NTDLL/dropper
Generates a malicious macro-enabled Office dropper for DLL sideloading and embeds it in an LNK file to bypass MOTW
MsF-NTDLL/edr-internals
Tools for analyzing EDR agents
MsF-NTDLL/EDR-XDR-AV-Killer
Reproduces the Spyboy technique, which terminates all EDR/XDR/AV processes by abusing the zam64.sys driver
MsF-NTDLL/GhostlyHollowingViaTamperedSyscalls
Implementing the ghostly hollowing PE injection technique using tampered syscalls.
MsF-NTDLL/IoCs
Sophos-originated indicators-of-compromise from published reports
MsF-NTDLL/Kematian-Stealer
The best and completely open source Stealer
MsF-NTDLL/LOLDrivers-webclient
Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
MsF-NTDLL/No-Consolation
A BOF that runs unmanaged PEs inline
MsF-NTDLL/notes
Public notes and utilities
MsF-NTDLL/PotatoTool
A feature-rich, all-in-one network security tool for security practitioners, red/blue team members and enthusiasts. It integrates decryption, analysis, scanning, attack attribution (tracing) and other practical functions behind a convenient interface with a broad choice of features.
MsF-NTDLL/PWA-Phishing
MsF-NTDLL/RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abuses the Windows fork API and the OneDrive.exe process to inject shellcode without allocating a new RWX memory region.
MsF-NTDLL/TrollDump
MsF-NTDLL/webshell
A collection of webshells
MsF-NTDLL/white_patch_detect
Generic detection of backdoors that use the evasion technique of patching malicious code into a benign (whitelisted) file
MsF-NTDLL/ZeroEye
Automatically finds benign ("white") files for sideloading, a good companion to 灰梭子!!! Scans the import table of EXE files, lists the imported DLLs, filters out system DLLs, and copies the qualifying files to the binX64 or binX86 folder