darksh3llRU

darksh3llRU's Stars

• stephenfewer/ReflectiveDLLInjection

  Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

  Language:C2.7k12715773

• threatexpress/malleable-c2

  Cobalt Strike Malleable C2 Design and Reference Guide

  1.6k4313297

• tsale/EDR-Telemetry

  This project aims to compare and evaluate the telemetry of various EDR products.

  Language:Python1.5k5429148

• vxunderground/VX-API

  Collection of various malicious functionality to aid in malware development

  Language:C++1.5k4513250

• netero1010/EDRSilencer

  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

  Language:C1.1k139140

• winsiderss/phnt

  Native API header files for the System Informer project.

  Language:C1k3823169

• XiaoliChan/wmiexec-Pro

  New generation of wmiexec.py

  Language:Python983117119

• fiddyschmitt/File-Tunnel

  Tunnel TCP connections through a file

  Language:C#880123074

• reveng007/DarkWidow

  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

  Language:C53612175

• CICADA8-Research/RemoteKrbRelay

  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

  Language:C#4915279

• Slowerzs/ThievingFox

  Language:Python4869060

• bohops/UltimateWDACBypassList

  A centralized resource for previously documented WDAC bypass techniques

  47715268

• ambionics/cnext-exploits

  Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

  Language:Python3958552

• Plazmaz/LNKUp

  Generates malicious LNK file payloads for data exfiltration

  Language:Python34817253

• lypd0/DeadPotato

  DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.

  Language:C#3205138

• WithSecureLabs/lolcerts

  A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors

  Language:YARA31911127

• zer1t0/certi

  ADCS abuser

  Language:Python2464430

• tykawaii98/CVE-2024-30088

  Language:C++2153247

• decoder-it/ADCSCoercePotato

  Language:C++2053129

• Gr1mmie/AtlasC2

  C# C2 Framework centered around Stage 1 operations

  Language:C#2045240

• MzHmO/Parasite-Invoke

  Hide your P/Invoke signatures through other people's signed assemblies

  Language:C#2005032

• mandiant/ccmpwn

  Language:Python1792021

• VoldeSec/PatchlessInlineExecute-Assembly

  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.

  Language:C1483021

• rasta-mouse/DInvoke

  Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.

  Language:C#1403022

• Wh04m1001/CVE-2024-20656

  Language:C++1264028

• sinsinology/CVE-2024-29849

  Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)

  Language:Python842016

• vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC

  Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)

  Language:Java64205

• nettitude/SharpConflux

  Language:C#63609

• SecTheBit/MalDevelopment

  All my POC related to malware development

  Language:C11200

• gsfish/rips-docker

  Docker image for RIPS 0.55

  Language:Dockerfile5100