Pinned Repositories
ADSrunner
Writes a byte array of UUIDs (collected as "*") into an Alternate Data Stream of the current binary; the ADS Runner then reads that data back, converts it into a char table of UUID-formatted shellcode, and runs it.
BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
BypassNeo-reGeorg
AV-evading build of Neo-reGeorg
chromepass
Fetching passwords from the chrome browser database
ChTimeStamp
Changes the creation time and last-write time of a dropped file to those of another file, for example the timestamps of "kernel32.dll".
CVE-2023-36723
PPLdump
Dump the memory of a PPL with a userland exploit
ShellcodeLoader_code1
A general-purpose Windows AV-evading shellcode generator that can bypass detection by Microsoft Defender, 360, Huorong, Panda and other antivirus products.
UEditorGetShell
UEditor batch GetShell / Code by: Tas9er
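The two pinned tools ADSrunner and ChTimeStamp both work on a dropped file: one stages its payload in an NTFS alternate data stream, the other copies the timestamps of a system DLL onto the file. The PowerShell below is an added example, not code from either project, that walks through both steps on a throwaway file and then runs the checks a defender would use. The file path, the stream name "payload" and the 32-byte blob are assumptions constructed for the demo; it requires PowerShell 7 (for -AsByteStream) on an NTFS volume.

```powershell
# Added example (not ADSrunner's or ChTimeStamp's code): timestomp a dropped file
# from kernel32.dll and stage a byte array in an alternate data stream.
# $dropped, the stream name and $blob are assumptions made up for this demo.
$dropped = Join-Path $env:TEMP 'dropped.exe'
$ref     = "$env:SystemRoot\System32\kernel32.dll"

# 1. Create the host file (constructed placeholder bytes, not a real PE image).
$header = [byte[]]::new(64); $header[0] = 0x4D; $header[1] = 0x5A
[IO.File]::WriteAllBytes($dropped, $header)

# 2. Timestomp: copy creation / last-write / last-access times from the reference file.
$src = Get-Item $ref
$dst = Get-Item $dropped
$dst.CreationTime   = $src.CreationTime
$dst.LastWriteTime  = $src.LastWriteTime
$dst.LastAccessTime = $src.LastAccessTime

# 3. Stage a constructed 32-byte blob (two 16-byte UUIDs) in the ADS 'payload'.
$blob = [byte[]](1..32)            # constructed sample data, not shellcode
Set-Content -Path $dropped -Stream 'payload' -Value $blob -AsByteStream

# 4. What a runner does: read the stream back and slice it into UUID strings.
$back  = [byte[]](Get-Content -Path $dropped -Stream 'payload' -AsByteStream -Raw)
$uuids = for ($i = 0; $i -lt $back.Length; $i += 16) {
    ([guid][byte[]]$back[$i..($i + 15)]).Guid
}
$uuids

# 5. Defender checks: every stream on the file, and the timestamps that now
#    match kernel32.dll although the file was created seconds ago.
Get-Item -Path $dropped -Stream * | Select-Object Stream, Length
Get-Item $dropped | Select-Object Name, CreationTime, LastWriteTime
```

The SetFileTime path used in step 2 only rewrites the $STANDARD_INFORMATION timestamps in the MFT record; the $FILE_NAME attribute keeps the original times, which is why forensic tools compare the two sets. Likewise the `-Stream *` listing is the quick way to find payload-carrying streams, since the main $DATA stream of the file stays tiny.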
MsF-NTDLL's Repositories
MsF-NTDLL/CVE-2023-36874_BOF
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
MsF-NTDLL/Augustus
Evasive Golang Loader
MsF-NTDLL/ContainYourself
A POC of the ContainYourself research presented in DEF CON 31, which abuses the Windows containers framework to bypass EDRs.
MsF-NTDLL/post-hub
Internal network (intranet) penetration
MsF-NTDLL/CVE-2023-36874
MsF-NTDLL/DllNotificationInjection
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
MsF-NTDLL/Reg-Restore-Persistence-Mole
A short C POC to gain persistence while evading the Sysmon registry events (key creation, update and deletion) produced by the REG_NOTIFY_CLASS registry callback of the Sysmon driver filter. The RegSaveKeyExW() and RegRestoreKeyW() APIs are not included in that monitoring. This POC will use
MsF-NTDLL/mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
MsF-NTDLL/NVDrv
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
MsF-NTDLL/HITCON-2023-Demo-CVE-2023-20562
MsF-NTDLL/shell-backdoor
all shell backdoor in the world
MsF-NTDLL/PigScheduleTask
Collection of methods for adding scheduled tasks
MsF-NTDLL/slcx
Port-forwarding tool that bypasses network traffic security inspection.
MsF-NTDLL/PSDetour
Windows Detour Hooking in PowerShell
MsF-NTDLL/D1rkInject
Another approach to the threadless injection technique discovered by @_EthicalChaos_, written in C: it loads a module into the target process, stomps it, and then reverts the memory protections and the original memory state.
MsF-NTDLL/WSPCoerce
PoC to coerce authentication from Windows hosts using MS-WSP
MsF-NTDLL/Amsi_Bypass_In_2023
AMSI bypass payload that works on Windows 11
MsF-NTDLL/S4UTomato
Escalate Service Account To LocalSystem via Kerberos
MsF-NTDLL/TGSThief
My implementation of the GIUDA project in C++
MsF-NTDLL/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
MsF-NTDLL/Loa
MsF-NTDLL/TakeMyRDP
A keystroke logger targeting Remote Desktop Protocol (RDP) related processes. It uses a low-level keyboard input hook, which lets it record keystrokes in certain contexts (such as mstsc.exe and CredentialUIBroker.exe).
MsF-NTDLL/RecycledInjector
Native Syscalls Shellcode Injector
MsF-NTDLL/WMIExec
Set of python scripts which perform different ways of command execution via WMI protocol.
MsF-NTDLL/Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
MsF-NTDLL/GCR-Google-Calendar-RAT
Google Calendar RAT is a PoC of Command&Control over Google Calendar Events
MsF-NTDLL/RemoteIDSpoofer
NodeMCU RemoteID Spoofer
MsF-NTDLL/Malleable-CS-Profiles
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
MsF-NTDLL/CVE-2023-29343
MsF-NTDLL/elevationstation
elevate to SYSTEM any way we can!
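The Reg-Restore-Persistence-Mole entry above claims that writes made through RegSaveKeyExW() and RegRestoreKeyW() are not covered by Sysmon's registry callback. The PowerShell below is an added example, not the project's code, that drives the same two APIs through reg.exe (`reg save` / `reg restore`) against a throwaway key and then pulls the Sysmon registry events for that key, so you can verify the claim against your own Sysmon configuration. The key name, hive path and value are assumptions constructed for the demo; it must run from an elevated prompt because save and restore need SeBackupPrivilege and SeRestorePrivilege, and it needs Sysmon installed with registry monitoring enabled.

```powershell
# Added example (not Reg-Restore-Persistence-Mole's code): exercise the
# RegSaveKeyExW / RegRestoreKeyW path via reg.exe and check what Sysmon logged.
# Run elevated. $key, $hive and the 'Marker' value are assumptions for this demo.
$key  = 'HKCU\Software\DemoMole'
$hive = Join-Path $env:TEMP 'DemoMole.hiv'

# 1. Create the key and a value through the normal (monitored) RegSetValue path.
reg add $key /v Marker /t REG_SZ /d 'set-before-save' /f | Out-Null

# 2. RegSaveKeyExW: serialise the subtree, including the value, into a hive file.
reg save $key $hive /y | Out-Null

# 3. Change the live key so the later restore has a visible effect.
reg add $key /v Marker /t REG_SZ /d 'changed-after-save' /f | Out-Null

# 4. RegRestoreKeyW: overwrite the subtree from the hive file. No RegSetValue
#    call happens here, which is the gap the POC relies on.
reg restore $key $hive | Out-Null
(Get-ItemProperty 'HKCU:\Software\DemoMole').Marker   # expected: set-before-save

# 5. Defender check: Sysmon Event ID 12 (key create/delete) and 13 (value set).
#    Step 1 and step 3 should each show an ID 13; see whether step 4 does.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 12, 13 } -MaxEvents 100 |
    Where-Object { $_.Message -match 'DemoMole' } |
    Select-Object TimeCreated, Id,
        @{ n = 'Target'; e = { ($_.Message -split "`n" | Select-String 'TargetObject').Line.Trim() } }

# Cleanup of the constructed artefacts.
Remove-Item $hive -Force
reg delete $key /f | Out-Null
```

If the restore in step 4 leaves no Event ID 13 for the value while steps 1 and 3 do, the gap the description talks about is present on that host; a Sysmon rule on the hive file creation (Event ID 11 for the `.hiv` write) or on `reg.exe` with `save`/`restore` on the command line (Event ID 1) is the usual compensating detection.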