ProcessusT
Security engineer & Microsoft Security MVP 💻 Speaker @LeHack & @DFIR212
Les tutos de Processus
Reims, France
Pinned Repositories
Dictofuscation
Obfuscate the bytes of your payload with an association dictionary
ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
HavocHub
PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are relayed through Issues and Comments for maximum stealth.
HEKATOMB
Hekatomb is a Python script that connects to an LDAP directory to retrieve all computer and user information. It then downloads all DPAPI blobs of all users from all computers and uses the domain backup keys to decrypt them.
LoadThatPE
A simple PE loader tool that loads a PE from memory, decrypts it, resolves its imports, relocates its sections, and redefines its entry point to execute seamlessly from memory
PsNotifRoutineUnloader
This script is used to unload the PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine callbacks registered by ESET Security to bypass the driver's detection
SharpVenoma
C# reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscall execution
UnhookingDLL
This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode via process hollowing
Venoma
Yet another C++ Cobalt Strike beacon dropper with compile-time API hashing and custom indirect syscall execution
VolchockC2
VolchockC2 is a custom-built Command & Control (C2) framework, currently under active development. Designed for red team operations and adversary simulation, VolchockC2 focuses on flexibility, stealth, and efficient post-exploitation capabilities.
ProcessusT's Repositories
ProcessusT/HEKATOMB
Hekatomb is a Python script that connects to an LDAP directory to retrieve all computer and user information. It then downloads all DPAPI blobs of all users from all computers and uses the domain backup keys to decrypt them.
ProcessusT/Venoma
Yet another C++ Cobalt Strike beacon dropper with compile-time API hashing and custom indirect syscall execution
ProcessusT/Dictofuscation
Obfuscate the bytes of your payload with an association dictionary
ProcessusT/UnhookingDLL
This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode via process hollowing
ProcessusT/PsNotifRoutineUnloader
This script is used to unload the PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine callbacks registered by ESET Security to bypass the driver's detection
ProcessusT/SharpVenoma
C# reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscall execution
ProcessusT/HavocHub
PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are relayed through Issues and Comments for maximum stealth.
ProcessusT/VolchockC2
VolchockC2 is a custom-built Command & Control (C2) framework, currently under active development. Designed for red team operations and adversary simulation, VolchockC2 focuses on flexibility, stealth, and efficient post-exploitation capabilities.
ProcessusT/MasterKeyBrute
Brute-force a DPAPI-encrypted MasterKey file from the Windows Credential Manager
ProcessusT/EnumSSN
Enumerate SSNs (System Service Numbers, or syscall IDs) and syscall instruction addresses in the ntdll module by parsing the PEB of the current process
ProcessusT/Automated-C2
Automate your C2 creation with Azure Front Door and randomly generated options
ProcessusT/La-Gamelle
All the stuff used in the tutorials: shellcodes, templates, notes...
ProcessusT/LoadThat-PEandAssembly
Two PE loader tools that load a PE from memory, decrypt it and do some magic to execute it seamlessly from memory
ProcessusT/RemClip
RemClip is a C# project that steals user clipboard data and sends it to a remote web server under the attacker's control
ProcessusT/DetectEsetHooks
Tool to enumerate ESET hooked functions by parsing the ebehmoni.dll module
ProcessusT/MikNet
Autonomous red team implementation allowing sound capture and broadcast through an untraceable front-end server to the attacker's workstation
ProcessusT/IndirectSyscalls
A custom reimplementation of indirect syscalls without the use of GetModuleHandleA and GetProcAddress
ProcessusT/aspyco
Aspyco is a Python script that uploads a local binary to a remote host over SMB. It then remotely connects to the svcctl named pipe over DCERPC to create and start the binary as a service.
ProcessusT/CodeCaveInjection
Shellcode injection test into a 64-bit PE file
ProcessusT/ESEDHOUND
ESEDHOUND is a Python script that extracts the datatable from the ntds.dit file to retrieve users, computers and groups. The goal is to send all the information into BloodHound to help incident responders identify AD objects.
ProcessusT/invit-bomber
Python script for mass-sending LinkedIn invitations
ProcessusT/Araneus
Not sure yet, we'll see
ProcessusT/AuthenticationPassthroughExploitation
Another example of Azure AD Authentication Passthrough exploitation to intercept LogonUserW API calls
ProcessusT/blackarch
An ArchLinux based distribution for penetration testers and security researchers.
ProcessusT/Havoc
The Havoc Framework
ProcessusT/Killer
A tool created to evade AVs, EDRs and other security tools.
ProcessusT/libesedb
Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ProcessusT/RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
ProcessusT/generate_random_ad_users
ProcessusT/NetExec
The Network Execution Tool