Pinned Repositories
concealed_position
Bring your own print driver privilege escalation tool
GhidraSnippets
Python snippets for Ghidra's Program and Decompiler APIs
kdmapper
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
kernel_callbacks
Bypasses for Windows kernel callbacks PatchGuard protection
mdm
Windows MDM Research Utilities
MDMatador
MDM-based Agentless C2 System
memhunter
Live hunting of code injection techniques
nanodump
Dump LSASS like you mean it
presentations
This is a curated collection of resources and materials from various talks, presentations, and workshops that I have conducted
sysmonx
SysmonX - An Augmented Drop-In Replacement of Sysmon
marcosd4h's Repositories
marcosd4h/GhidraSnippets
Python snippets for Ghidra's Program and Decompiler APIs
marcosd4h/moneta
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
marcosd4h/CheekyBlinder
Enumerating and removing kernel callbacks using signed vulnerable drivers
marcosd4h/Crinkler
Crinkler is an executable file compressor (or rather, a compressing linker) for Windows for compressing small demoscene executables. As of 2020, it is the most widely used tool for compressing 1k/4k/8k intros.
marcosd4h/delete-self-poc
A way to delete a locked file, or current running executable, on disk.
marcosd4h/FOLIAGE
Experiment on reproducing Obfuscate & Sleep
marcosd4h/hookbong
Detect hooks inside a loaded process.
marcosd4h/HookDump
Security product hook detection
marcosd4h/impacket_static_binaries
Standalone binaries for Linux/Windows of Impacket's examples
marcosd4h/InterProcessCommunication-Samples
Some Code Samples for Windows based Inter-Process-Communication (IPC)
marcosd4h/printjacker
Hijack Printconfig.dll to execute shellcode
marcosd4h/sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
marcosd4h/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
marcosd4h/WinDefend_ZeroDay
lol MS
marcosd4h/Extensible-Storage-Engine
ESE is an embedded / ISAM-based database engine that provides rudimentary table and indexed access. However, the library provides many other strongly layered and thus reusable sub-facilities as well: a Synchronization / Locking library, a Data-structures / STL-like library, an OS-abstraction layer, and a Cache Manager, as well as the full-blown database engine itself
marcosd4h/FileTest
Source code for File Test - Interactive File System Test Tool
marcosd4h/IOXIDResolver
IOXIDResolver.py from AirBus Security
marcosd4h/KSOCKET
KSOCKET provides a very basic example of how to make network connections in a Windows driver by using WSK
marcosd4h/LogicalAnalyzer
Logical Analyzer is a C# library for determining if Rules apply to provided Objects
marcosd4h/malware
Malware Samples. Uploaded to GitHub for those who want to analyse the code. Code mostly from: http://www.malwaretech.com
marcosd4h/NTLib
Headers for linking your software with ntdll.dll
marcosd4h/openprocmon
open source process monitor
marcosd4h/reactos
A free Windows-compatible Operating System
marcosd4h/sandboxtank
Windows sandbox using built-in functions
marcosd4h/SharpEDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, installed drivers and each driver's metadata, all for the presence of known defensive products such as AVs, EDRs and logging tools.
marcosd4h/shellcodeloader-1
shellcodeloader
marcosd4h/vulnerable-AD
Create a vulnerable Active Directory that allows you to test most of the Active Directory attacks in a local lab
marcosd4h/wil
Windows Implementation Library
marcosd4h/WindowsExploitationResources
Resources for Windows exploit development
marcosd4h/winsilo
Windows Server Container Experiments