Pinned Repositories
AccessToken-Impersonation
Access Token Manipulation to elevate to system from local admin
Applications-Security
Custom_Tooling
I created custom programs/binaries for my engagements. Most of these were created during my engagement period. Now I share a few for educational purposes.
CVE-2022-28171-POC
EmailScraper
Email OSINT Phishing
frameless-bitb
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.
Infrastructure-Assessment
Assessment_Note
Privilege-Escalation-Windows
QueueUserAPC
QueueUserAPC Process Injection with XOR Decrypt & Encrypt.
Reserve_Boolean-based-SQL-injection
NyaMeeEain's Repositories
NyaMeeEain/Applications-Security
NyaMeeEain/ADSearch
A tool to help query AD via the LDAP protocol
NyaMeeEain/AmsiBypassHookManagedAPI
A new AMSI Bypass technique using .NET ALI Call Hooking.
NyaMeeEain/ASRenum-BOF
Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
NyaMeeEain/BOF-patchit
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
NyaMeeEain/ClipboardWindow-Inject
CLIPBRDWNDCLASS process injection technique (BOF) - execute beacon shellcode in callback
NyaMeeEain/CSharpReflectionWorkshop
The repository that complements the "From zero to hero: creating a reflective loader in C#" workshop
NyaMeeEain/CVE-2021-40444
CVE-2021-40444 PoC
NyaMeeEain/CVE-2023-21752
NyaMeeEain/CVE-2023-24055_PoC
CVE-2023-24055 PoC (KeePass 2.5x)
NyaMeeEain/Data
NyaMeeEain/hoaxshell
An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.
NyaMeeEain/InMemoryNET
Exploring in-memory execution of .NET
NyaMeeEain/Invoke-Stealth
Simple & Powerful PowerShell Script Obfuscator
NyaMeeEain/Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
NyaMeeEain/jquery-ui
CVE Collection of jQuery UI XSS Payloads
NyaMeeEain/Malware_learns
NyaMeeEain/NetLoader
Loads any C# binary in memory, patching AMSI + ETW.
NyaMeeEain/OffensiveRust
Rust Weaponization for Red Team Engagements.
NyaMeeEain/OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
NyaMeeEain/PatchThatAMSI
This repo contains 6 AMSI patches. The first two force the triggering of a conditional jump inside AmsiOpenSession() that closes the AMSI scanning session: the 1st patch corrupts the AMSI context header, and the 2nd patch changes the string "AMSI" that is compared against the AMSI context header to "D1RK". The others just set ZF to 1.
NyaMeeEain/Payload-Download-Cradles
These are different types of download cradles, which should serve as inspiration to play with and create new download cradles to bypass AV/EPP/EDR in the context of download-cradle detections.
NyaMeeEain/RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
NyaMeeEain/SharpAllTheThings
The idea is to collect all the C# projects named Sharp{Word} that can be used in Cobalt Strike via the execute-assembly command.
NyaMeeEain/SharpImpersonation
A User Impersonation tool - via Token or Shellcode injection
NyaMeeEain/SharpMapExec
NyaMeeEain/SharpToken
Windows Token Stealing Expert
NyaMeeEain/SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
NyaMeeEain/SyscallPack
BOF and Shellcode for full DLL unhooking using dynamic syscalls
NyaMeeEain/Win32_Offensive_Cheatsheet
Win32 and Kernel abusing techniques for pentesters