eaglesquads
Analyzing unknown malware... including rootkit modules, tables and unknown encryption
somewhere in the digital era... I think? I hope so.
Pinned Repositories
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
awesome-security
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
DoublePulsar
The DoublePulsar Framework and all its components
Incredibly_Interesting_Math
Math, Math, Math everywhere, MATH FOR EVERYONE! (No but seriously, you will get "hooked" like a library used in code and software if you read this)
Meltdown-PoC-Windows
Source from https://twitter.com/pwnallthethings. Compiled in VS 2013
r77-rootkit
Ring 3 Rootkit DLL
SMB-CVE
CVE listings for Windows SMB vulnerabilities
spectre-attack
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
stuxnet-source-code
This is the source code of the Stuxnet virus, only for educational purposes or malware analysis.
TOP-BEST-GITHUB-INFOSEC-PAGES
The very (VERY) best, extremely well-informing and detailed GitHub users and GitHub pages. |!NOTE!| THIS IS ONLY MY OPINION! It's also made only for myself, so... But feel free to contribute! |!NOTE!|
eaglesquads's Repositories
eaglesquads/AV_Kernel_Vulns
PoCs for antivirus software's kernel vulnerabilities
eaglesquads/ExpDiff
Diff tool for comparing export tables in PE images
eaglesquads/puppetstrings
Hitch a free ride to Ring 0 on Windows
eaglesquads/Random
Pseudo Random Number Generator
eaglesquads/RandomPS-Scripts
Random PowerShell scripts
eaglesquads/RunShellcode
.NET GUI program that runs shellcode
eaglesquads/ThreadContinue
Reflective DLL injection using SetThreadContext() and NtContinue()
eaglesquads/windows_kernel_address_leaks
Examples of leaking Kernel Mode information from User Mode on Windows
eaglesquads/ARS
Decrypted content of eqgrp-auction-file.tar.xz
eaglesquads/awesome-cve-poc
✍️ A curated list of CVE PoCs.
eaglesquads/ComputePrngTest
A simple test project for a pseudo random number generator designed for compute shaders.
eaglesquads/defcon-25-workshop
Windows Post-Exploitation / Malware Forward Engineering DEF CON 25 Workshop
eaglesquads/ecc
An elliptic curve cryptosystem, for academic purposes.
eaglesquads/ecchat
Elliptic Curve Chat System
eaglesquads/envisioncollision
Getting Envisioncollision to actually work.
eaglesquads/EQGRP_Monthly
EQGRP Monthly Leaks
eaglesquads/Invoke-ProcessScan
Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
eaglesquads/malcom
Malcom - Malware Communications Analyzer
eaglesquads/mersenne-twister
This Mersenne Twister is a fast pseudo-random number generator (PRNG) in C++
eaglesquads/ms17-010-Scanner
eaglesquads/MS17-010_Protection_Validator
Mass system scanner to validate protection against threats addressed by MS17-010
eaglesquads/MS17010Test
MS17-010 Tester
eaglesquads/open-myrtus
Reverse-engineered version of the MyRTUs / Stuxnet malware / rootkit.
eaglesquads/phook
Full DLL Hooking, phrack 65
eaglesquads/random-1
random number generator
eaglesquads/RandomNumberGenerator-1
eaglesquads/RandomNumberGenerator-3
The second needy module by McDude
eaglesquads/Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
eaglesquads/RNG
A simple state-of-the-art C++ random number generator
eaglesquads/ShadowBrokers-NSA-Mirror
https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation

# Exploits

- **EARLYSHOVEL** RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
- **EBBISLAND (EBBSHAVE)** root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer), both SPARC and x86
- **ECHOWRECKER** remote Samba 3.0.x Linux exploit
- **EASYBEE** appears to be an MDaemon email server vulnerability
- **EASYFUN** EasyFun 2.2.0 exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
- **EASYPI** is an IBM Lotus Notes exploit that gets detected as Stuxnet
- **EWOKFRENZY** is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
- **EXPLODINGCAN** is an IIS 6.0 exploit that creates a remote backdoor
- **ETERNALROMANCE** is an SMBv1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
- **EDUCATEDSCHOLAR** is an SMB exploit (MS09-050)
- **EMERALDTHREAD** is an SMB exploit for Windows XP and Server 2003 (MS10-061)
- **EMPHASISMINE** is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
- **ENGLISHMANSDENTIST** sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
- **EPICHERO** 0-day exploit (RCE) for Avaya Call Server
- **ERRATICGOPHER** is an SMBv1 exploit targeting Windows XP and Server 2003
- **ETERNALSYNERGY** is an SMBv1 remote code execution exploit for Windows 8 and Server 2012 SP0 (MS17-010; the MS17-010 bugs are all in the SMBv1 server, even on hosts whose default dialect is SMBv2/3)
- **ETERNALBLUE** is an SMBv1 exploit for Windows 7 SP1 (MS17-010)
- **ETERNALCHAMPION** is an SMBv1 exploit (MS17-010)
- **ESKIMOROLL** is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
- **ESTEEMAUDIT** is an RDP exploit and backdoor for Windows Server 2003
- **ECLIPSEDWING** is an RCE exploit for the Server service in Windows Server 2008 and earlier (MS08-067)
- **ETRE** is an exploit for IMail 8.10 to 8.22
- **ETCETERABLUE** is an exploit for IMail 7.04 to 8.05
- **FUZZBUNCH** is an exploit framework, similar to Metasploit
- **ODDJOB** is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
- **EXPIREDPAYCHECK** IIS6 exploit
- **EAGERLEVER** NBT/SMB exploit for Windows NT 4.0, 2000, XP SP1 & SP2, 2003 SP1 & base release
- **EASYFUN** WorldClient / IIS 6.0 exploit
- **ESSAYKEYNOTE**
- **EVADEFRED**

# Utilities

- **PASSFREELY** utility which "Bypasses authentication for Oracle servers"
- **SMBTOUCH** check if the target is vulnerable to SMB exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE
- **ERRATICGOPHERTOUCH** check if the target is running some RPC
- **IISTOUCH** check if the running IIS version is vulnerable
- **RPCOUTCH** get info about Windows via RPC
- **DOPU** used to connect to machines exploited by ETERNALCHAMPION
- **NAMEDPIPETOUCH** utility to test for a predefined list of named pipes, mostly AV detection. User can add checks for custom named pipes.
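Added example (Python), not code from any repository on this page: the core of the MS17-010 check that SMBTOUCH and the MS17-010 tester repositories above (MS17010Test, MS17-010_Protection_Validator, ms17-010-Scanner) perform. It assumes a TCP socket on which an SMB1 session has already been negotiated (UID from Session Setup AndX and TID from Tree Connect AndX to IPC$, for example via impacket), builds the Trans2 SESSION_SETUP probe and classifies the reply: an unpatched srv.sys answers STATUS_INSUFF_SERVER_RESOURCES (0xC0000205), a patched host STATUS_INVALID_PARAMETER or STATUS_NOT_IMPLEMENTED. The multiplex ID check for DOUBLEPULSAR (probe sent with MID 0x41, implant answers with 0x51) follows the public detection scripts and is an assumption to verify against a known host. The sample replies at the end are constructed, not captured traffic.

```python
"""MS17-010 / DOUBLEPULSAR probe: Trans2 SESSION_SETUP over an existing SMB1 session."""
import struct

SMB_COM_TRANSACTION2 = 0x32
TRANS2_SESSION_SETUP = 0x000E

# NT status codes the probe comes back with
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205  # unpatched srv.sys
STATUS_INVALID_PARAMETER = 0xC0000022        # patched
STATUS_NOT_IMPLEMENTED = 0xC0000002          # patched (older builds)

PROBE_MID = 0x41         # multiplex ID we send; a clean server echoes it back
DOUBLEPULSAR_MID = 0x51  # assumption from public detection scripts: implant answers 0x41 with 0x51


def smb1_header(command, tid, uid, status=0, mid=PROBE_MID, pid=0xFEFF, flags=0x18, flags2=0xC001):
    """32-byte SMB1 header (MS-CIFS 2.2.3.1). flags2 0xC001 = Unicode | NT status codes | long names."""
    return struct.pack('<4sBIBHH8sHHHHH', b'\xffSMB', command, status, flags, flags2,
                       0,            # PIDHigh
                       b'\x00' * 8,  # SecurityFeatures (no signing)
                       0,            # Reserved
                       tid, pid, uid, mid)


def build_trans2_session_setup(tid, uid):
    """The probe: SMB_COM_TRANSACTION2, subcommand SESSION_SETUP, 12 zero parameter bytes."""
    params = b'\x00' * 12
    pad = b'\x00' * 3                           # aligns the parameter block to 4 bytes
    param_offset = 32 + 1 + 30 + 2 + len(pad)   # offsets count from the SMB header start
    data_offset = param_offset + len(params)
    words = struct.pack('<HHHHBBHIHHHHHBBH',
                        len(params), 0,         # TotalParameterCount, TotalDataCount
                        1, 0,                   # MaxParameterCount, MaxDataCount
                        0, 0,                   # MaxSetupCount, Reserved1
                        0, 0,                   # Flags, Timeout
                        0,                      # Reserved2
                        len(params), param_offset,
                        0, data_offset,         # DataCount, DataOffset
                        1, 0,                   # SetupCount, Reserved3
                        TRANS2_SESSION_SETUP)   # Setup[0]
    body = smb1_header(SMB_COM_TRANSACTION2, tid, uid)
    body += struct.pack('<B', len(words) // 2) + words                  # WordCount + words
    body += struct.pack('<H', len(pad) + len(params)) + pad + params    # ByteCount + bytes
    return struct.pack('>I', len(body)) + body  # NetBIOS session message: type 0x00 + 24-bit length


def parse_smb1_response(packet):
    """Validate NetBIOS framing and return (command, nt_status, mid) from the SMB1 header."""
    if len(packet) < 36:
        raise ValueError('short packet')
    if struct.unpack('>I', packet[:4])[0] != len(packet) - 4:
        raise ValueError('NetBIOS length does not match packet length')
    hdr = packet[4:36]
    if hdr[:4] != b'\xffSMB':
        raise ValueError('not an SMB1 header')
    return hdr[4], struct.unpack('<I', hdr[5:9])[0], struct.unpack('<H', hdr[30:32])[0]


def classify_probe_response(packet):
    """Map the probe reply to vulnerable / patched / doublepulsar / unknown / unexpected."""
    command, status, mid = parse_smb1_response(packet)
    if command != SMB_COM_TRANSACTION2:
        return 'unexpected'
    if mid == DOUBLEPULSAR_MID:
        return 'doublepulsar'
    if status == STATUS_INSUFF_SERVER_RESOURCES:
        return 'vulnerable'
    if status in (STATUS_INVALID_PARAMETER, STATUS_NOT_IMPLEMENTED):
        return 'patched'
    return 'unknown'


def recv_netbios_message(sock):
    """Read exactly one NetBIOS session message (4-byte header + body)."""
    buf = b''
    while len(buf) < 4:
        chunk = sock.recv(4 - len(buf))
        if not chunk:
            raise ConnectionError('connection closed')
        buf += chunk
    need = 4 + (struct.unpack('>I', buf)[0] & 0x00FFFFFF)
    while len(buf) < need:
        chunk = sock.recv(need - len(buf))
        if not chunk:
            raise ConnectionError('connection closed')
        buf += chunk
    return buf


def probe(sock, tid, uid, timeout=5.0):
    """Send the probe on a socket carrying a negotiated SMB1 session and classify the reply."""
    sock.settimeout(timeout)
    sock.sendall(build_trans2_session_setup(tid, uid))
    return classify_probe_response(recv_netbios_message(sock))


def constructed_response(status, mid=PROBE_MID, tid=0x0800, uid=0x0800):
    """Constructed sample reply (not captured traffic): empty Trans2 response with given status/MID."""
    body = smb1_header(SMB_COM_TRANSACTION2, tid, uid, status=status, mid=mid) + b'\x00\x00\x00'
    return struct.pack('>I', len(body)) + body
```

A 'patched' verdict only says the Trans2 SESSION_SETUP path is fixed; it does not tell you whether SMBv1 is still enabled, which is the setting the MS17-010_Protection_Validator-style tools usually report alongside. Run probes only against hosts you are authorized to test.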