faanross's Stars
winsiderss/systeminformer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
LordNoteworthy/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
byt3bl33d3r/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
hasherezade/pe_to_shellcode
Converts PE into a shellcode
hasherezade/malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
ThreatHuntingProject/ThreatHunting
An informational repo about hunting for adversaries in your IT environment.
aahmad097/AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
jstrosch/malware-samples
Malware samples, analysis exercises and other interesting resources.
FoxIO-LLC/ja4
JA4+ is a suite of network fingerprinting standards
winsiderss/phnt
Native API header files for the System Informer project.
SafeBreach-Labs/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
werkamsus/Lilith
Lilith - Foundational reverse engineering resource for cybersecurity entrepreneurs in C++
RCStep/CSSG
Cobalt Strike Shellcode Generator
codewhitesec/HandleKatz
PIC lsass dumper using cloned handles
umutcamliyurt/PingRAT
PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.
0xEr3bus/PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
shogunlab/building-c2-implants-in-cpp
The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).
ZeroMemoryEx/Handle-Ripper
Simple Windows handle hijacker with a nod to Apxaey for inspiration
trustedsec/specula
jconwell/secret_handshake
A prototype malware C2 channel using x509 certificates over mTLS
gharty03/Conti-Ransomware
Full source of the Conti Ransomware, including the missing Locker files from the original leak. I have fixed some of the errors intentionally introduced by the leaker to prevent the locker from being built. The Queue header file, which implements a few linked list data structures that Conti uses for task scheduling in the Threadpool, had several missing commas; there are still errors which I believe to be the result of a missing #ifdef pre-processor macro in one of the header files, but I haven't had time to find it. Will be uploading English translated documentation in the future.
JLospinoso/cpp-implant
A simple implant showcasing modern C++
MSxDOS/ntapi
Rust FFI bindings for Native API
yottaawesome/programming-windows-5th-edition
Unofficial source code repo for Charles Petzold's Programming Windows 5th Edition.
wsummerhill/CSharp-Alt-Shellcode-Callbacks
A collection of (even more) alternative shellcode callback methods in CSharp
zodiacon/winnativeapibooksamples
Samples from my book Windows Native API programming
agreenjay/sysmon
A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
stratosphereips/a-study-of-remote-access-trojans
This repository contains a curated list of papers, articles and other sources related to remote access trojans.
S12cybersecurity/RatInject
Rat Inject is a C++ executable to gain undetectable persistence in Windows via 4 registry keys
hemp3l/icmpsh
Simple Reverse ICMP Shell