Pinned Repositories
ADPT_Dll_Proxying
DLL proxying for lazy people
AndroidDriveSignity
AndroidDriveSignity is a Python utility designed to bypass driver signature verification in the Android kernel (ARMv8.3), facilitating the loading of custom drivers
apkd
APK downloader from a few sources
atexec-pro_impacket
Fileless atexec, no more need for port 445
AtomLdr
A DLL loader with advanced evasive features
AutoFunkt_C2
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles
Chaos-Rootkit
x64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilities
ExplorerPersist
Explorer persistence technique: hijacking the cscapi.dll load-order path by writing our malicious DLL to C:\Windows\cscapi.dll; when it gets loaded into the explorer process, our malicious code gets executed
s4killer
gavz's Repositories
gavz/File-Tunnel
Tunnel TCP connections through a file
gavz/afl-frida-build
Ansible build for Afl++ Frida-Mode
gavz/ansible-havoc
Scripts I use to deploy Havoc on Linode and set up categorization and SSL
gavz/BenevolentLoader
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
gavz/Disable-TamperProtection_Defender
A POC to disable TamperProtection and other Defender / MDE components
gavz/DLest
Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.
gavz/edr-internals
Tools for analyzing EDR agents
gavz/Evilginx-Phishing-Infra-Setup
Evilginx Phishing Engagement Infrastructure Setup Guide
gavz/GoRedOps
GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language; all is made for educational purposes only.
gavz/impacket-dcom
Adjusted version of the impacket-dcomexec script to work against Windows 10
gavz/Invoke-DumpMDEConfig_Defender
PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required)
gavz/MDE_Enum_Defender
Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges
gavz/Mergen_deobfuscation_llvm_ir
Deobfuscation via optimization with usage of LLVM IR and parsing assembly.
gavz/Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
gavz/msi_installed_search
Just cpp version of msi_search which is useful for third party windows installer EoPs
gavz/my-payloads
gavz/OffensiveGolang
A collection of offensive Go packages inspired by different Go repositories.
gavz/oldboy21.github.io
PB
gavz/OneDorkForAll
An insane list of all dorks taken from everywhere from various different sources.
gavz/PassiveAggression_persistence_Active_Directory
Source code and examples for PassiveAggression
gavz/PWA-Phishing
gavz/RdpStrike
Position Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
gavz/Shellcode-Hash-Collisions
Example code to generate hash collisions to defeat shellcode with weak hash algorithms
gavz/sliver_extension_uac_bypass_cmstp
Sliver extension to bypass UAC via cmstp written in rust
gavz/smbclient-ng
smbclient-ng, a fast and user friendly way to interact with SMB shares.
gavz/sqlmc
Official Kali Linux tool to check all urls of a domain for SQL injections :)
gavz/SteppingStones
A Red Team Activity Hub
gavz/thecus-firmware-decrypt
A few scripts to decrypt Thecus NAS firmware images
gavz/Voidgate_bypass_AV_EDR
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
gavz/wInspector
Inspector tools for windows