Pinned Repositories
AceLdr
Cobalt Strike UDRL for memory scanner evasion.
Alaris
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
AM0N-Eye
arsenal-rs
Rusty Process Injection / Post-Exploitation Techniques
AutoRecon
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
avred
Analyse your malware to chirurgicaly obfuscate it
avred-server
Bin-Finder
Detect EDR's exceptions by inspecting processes' loaded modules
bof-vs
A Beacon Object File (BOF) template for Visual Studio
an0x03e8's Repositories
an0x03e8/Alaris
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
an0x03e8/Christmas
an0x03e8/CLRInjector
A PoC .NET-specific process injection tool
an0x03e8/Cobalt-Strike-Profiles-for-EDR-Evasion
Cobalt Strike Profiles for EDR Evasion
an0x03e8/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
an0x03e8/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
an0x03e8/go-secdump
Tool to remotely dump secrets from the Windows registry
an0x03e8/InjectKit
Modified versions of the Cobalt Strike Process Injection Kit
an0x03e8/LdrLockLiberator
For when DLLMain is the only way
an0x03e8/LetMeowIn
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
an0x03e8/llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
an0x03e8/MDE_Enum
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges
an0x03e8/MSC_Dropper
an0x03e8/Packer_Development
Slides & Code snippets for a workshop held @ x33fcon 2024
an0x03e8/perfect-dll-proxy
Perfect DLL Proxying using forwards with absolute paths.
an0x03e8/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
an0x03e8/PPLSystem
an0x03e8/RemoteKrbRelay
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
an0x03e8/RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
an0x03e8/Rubeus
Trying to tame the three-headed dog.
an0x03e8/Rust-for-Malware-Development
This repository contains my complete resources and coding practices for malware development using Rust 🦀.
an0x03e8/RustRedOps
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language.
an0x03e8/Shelter
ROP-based sleep obfuscation to evade memory scanners
an0x03e8/SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
an0x03e8/Tartarus-TpAllocInject
an0x03e8/TeamsPhisher
Send phishing messages and attachments to Microsoft Teams users
an0x03e8/Unwinder
Another approach to thread stack spoofing.
an0x03e8/windows-service-rs
Windows services in Rust
an0x03e8/windows-vs-linux-loader-architecture
Side-by-side comparison of the Windows and Linux (GNU) Loaders
an0x03e8/xfsc
eXtensions for Financial Services (XFS) proof of concept client to explore and issue commands directly to the devices that support the protocol. Force ATMs to dispense cash if you have code execution on them.