Swifto0's Stars
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
ossec/ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
AxtMueller/Windows-Kernel-Explorer
A free but powerful Windows kernel research tool.
ysrc/yulong-hids-archived
[archived] An experimental host-based intrusion detection system
hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Dec0ne/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
boku7/BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
R4gd0ll/I-Wanna-Get-All
OA (office automation system) vulnerability exploitation tool
Meckazin/ChromeKatz
Dump cookies and credentials directly from Chrome/Edge process memory
SpenserCai/DRat
Decentralized Remote Administration Tool (DRat): configuration-file distribution is decentralized through ENS, and the server side is decentralized through Telegram
mandiant/SilkETW
Idov31/FunctionStomping
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
microsoft/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
EBWi11/AgentSmith-HIDS
Open Source Host-based Intrusion Detection System (HIDS) built on Kprobe technology, from E_Bwill.
vxCrypt0r/Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
TonyChen56/ShellCodeFrame
A shellcode generation framework written in pure C/C++
Pizz33/JoJoLoader
Helps red team members generate AV-evasive Trojans with one click; implemented in Rust
0x4D31/galah
Galah: An LLM-powered web honeypot.
yangzhongke/Zack.DotNetTrimmer
HackerCalico/Magic_C2
Red Team C2 framework using No X Loader technology.
senzee1984/EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
M01N-Team/HeaderLessPE
zodiacon/WFPExplorer
Windows Filtering Platform Explorer
AlteredSecurity/Disable-TamperProtection
A POC to disable TamperProtection and other Defender / MDE components
ProcessusT/ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
jdu2600/CFG-FindHiddenShellcode
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
jdu2600/EtwTi-FluctuationMonitor
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
jdu2600/Etw-SyscallMonitor
Monitors ETW for security relevant syscalls maintaining the set called by each unique process
Saber-CC/Go-NKN-Trojan
A decentralized basic Trojan framework that eliminates C2 mode and is implemented by P2P, the core networking technology of blockchain
Aterror2be/CVE-2020-14974
A simple POC that demonstrates a vulnerability found in IObitUnlocker 1.1.2 that leverages IOCTL codes found in its vulnerable driver (IObitUnlocker.sys), providing the ability to unlock, delete, rename, copy, and move running files as a low-privileged user.