luom's Stars
HavocFramework/Havoc
The Havoc Framework.
AdnanHodzic/auto-cpufreq
Automatic CPU speed & power optimizer for Linux
Ponderfly/GoogleTranslateIpCheck
wavestone-cdt/EDRSandblast
zhboner/realm
A network relay tool
tsale/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
dropbox/dbxcli
A command line client for Dropbox built using the Go SDK
bluesadi/Pluto
Obfuscator based on LLVM 14.0.6
myzxcg/RealBlindingEDR
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
anthemtotheego/InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module
FDlucifer/Proxy-Attackchain
Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)
Mr-Un1k0d3r/.NetConfigLoader
.net config loader
KomiMoe/Arkari
Yet another llvm based obfuscator based on goron.
reveng007/SharpGmailC2
Our friendly Gmail will act as the server, and the implant will exfiltrate data via SMTP and read commands from the C2 (Gmail) via the IMAP protocol
zer0condition/NVDrv
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
repnz/autochk-rootkit
Reverse engineered source code of the autochk rootkit
SaadAhla/ntdlll-unhooking-collection
different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
fortra/hw-call-stack
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
Mr-Un1k0d3r/Elevate-System-Trusted-BOF
Laokoon-SecurITy/Cortex-XDR-Config-Extractor
Cortex XDR Config Extractor
RedTeamOperations/Journey-to-McAfee
Oxygen1a1/callstack_spoof
sfewer-r7/CVE-2023-27532
Exploit for CVE-2023-27532 against Veeam Backup & Replication
realoriginal/angryorchard
A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022
veritas501/ToyObfuscator
Toy LLVM obfuscator pass
otris/ews-cpp
A C++11 header-only library for Microsoft Exchange Web Services
ProcessusT/PsNotifRoutineUnloader
This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection
Raymai97/SuperCMD
Run program as SYSTEM, with TrustedInstaller token if desired
tigros/HookTools
Plugin for Process Hacker 2 (https://github.com/processhacker2), displays system hooks and is able to unhook them too.
MustangYM/ShelbyObfuscator
Obfuscator for llvm 16.0.2