darksh3llRU's Stars
stephenfewer/ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
threatexpress/malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
tsale/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
vxunderground/VX-API
Collection of various malicious functionality to aid in malware development
netero1010/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
winsiderss/phnt
Native API header files for the System Informer project.
XiaoliChan/wmiexec-Pro
New generation of wmiexec.py
fiddyschmitt/File-Tunnel
Tunnel TCP connections through a file
reveng007/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
CICADA8-Research/RemoteKrbRelay
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Slowerzs/ThievingFox
bohops/UltimateWDACBypassList
A centralized resource for previously documented WDAC bypass techniques
ambionics/cnext-exploits
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()
Plazmaz/LNKUp
Generates malicious LNK file payloads for data exfiltration
lypd0/DeadPotato
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.
WithSecureLabs/lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
zer1t0/certi
ADCS abuser
tykawaii98/CVE-2024-30088
decoder-it/ADCSCoercePotato
Gr1mmie/AtlasC2
C# C2 Framework centered around Stage 1 operations
MzHmO/Parasite-Invoke
Hide your P/Invoke signatures through other people's signed assemblies
mandiant/ccmpwn
VoldeSec/PatchlessInlineExecute-Assembly
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
rasta-mouse/DInvoke
Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.
Wh04m1001/CVE-2024-20656
sinsinology/CVE-2024-29849
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC
Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)
nettitude/SharpConflux
SecTheBit/MalDevelopment
All my POC related to malware development
gsfish/rips-docker
Docker image for RIPS 0.55