Pinned Repositories
concealed_position
Bring your own print driver privilege escalation tool
GhidraSnippets
Python snippets for Ghidra's Program and Decompiler APIs
kdmapper
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map non-signed drivers in memory
kernel_callbacks
Bypasses for Windows kernel callbacks PatchGuard protection
mdm
Windows MDM Research Utilities
MDMatador
MDM-based Agentless C2 System
memhunter
Live hunting of code injection techniques
nanodump
Dump LSASS like you mean it
presentations
This is a curated collection of resources and materials from various talks, presentations, and workshops that I have conducted
sysmonx
SysmonX - An Augmented Drop-In Replacement of Sysmon
marcosd4h's Repositories
marcosd4h/MDMatador
MDM-based Agentless C2 System
marcosd4h/mdm
Windows MDM Research Utilities
marcosd4h/Cheat-loader-base
marcosd4h/com_inject
marcosd4h/presentations
This is a curated collection of resources and materials from various talks, presentations, and workshops that I have conducted
marcosd4h/Alcatraz
x64 binary obfuscator
marcosd4h/angryorchard-original
Original proof of concept I submitted to brokers demonstrating the vulnerability in hopes of getting rid of it.
marcosd4h/be-injector
marcosd4h/BokuLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
marcosd4h/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
marcosd4h/COM-Explained
marcosd4h/crypto_windows_asn1
Fork of Golang std crypto library
marcosd4h/CustomKeyboardLayoutPersistence
Achieve execution using a custom keyboard layout
marcosd4h/EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
marcosd4h/fleet
Open-source device management for IT and security teams with thousands of laptops and servers. (macOS, Windows, Linux, ChromeOS, AWS, Google Cloud, Azure, data center, containers)
marcosd4h/ghidra_scripts
Scripts from Ghidra Golf competitions
marcosd4h/go
The Go programming language
marcosd4h/LeakedHandlesFinder
Leaked Windows process handle identification tool
marcosd4h/miniz
miniz: Single C source file zlib-replacement library, originally from code.google.com/p/miniz
marcosd4h/osquery
SQL powered operating system instrumentation, monitoring, and analytics.
marcosd4h/Pentest-Windows
Windows internals and exploitation tricks
marcosd4h/ping_osquery_extension
A small osquery extension to ping hosts through ICMP echo request/reply messages
marcosd4h/PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation.
marcosd4h/resym
Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.
marcosd4h/RpcInvestigator
Temporary repo for fleshing out a tool to explore RPC interfaces on Windows
marcosd4h/RPCMon
RPC Monitor tool based on Event Tracing for Windows
marcosd4h/SandboxSecurityTools
Security testing tools for Windows sandboxing technologies
marcosd4h/TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
marcosd4h/TelemetrySource
marcosd4h/TickTock