med0x2e
Red Teamer & Security Researcher, used to be a Software Engineer/Developer, Manga/Anime Otaku
Yo. 127.0.0.1
Pinned Repositories
ExecuteAssembly
Load/inject .NET assemblies by reusing the CLR AppDomainManager already loaded in the host (spawnto) process, stomping the loader's and the .NET assembly's PE DOS headers, unlinking .NET-related modules, bypassing ETW and AMSI, avoiding EDR hooks via static NT syscalls (x64), and hiding imports by resolving APIs dynamically by hash.
GadgetToJScript
A tool for generating .NET serialized gadgets that trigger .NET assembly load/execution when deserialized with BinaryFormatter from JS/VBS/VBA scripts.
genxlm
A simple script that generates JScript code for calling Win32 API functions through XLM/Excel 4.0 macros, driven via the Excel.Application ExecuteExcel4Macro method.
NET-Assembly-Inject-Remote
Local/remote loading and injection of .NET assemblies into memory.
NoAmci
Uses DInvoke to patch AMSI.dll in memory, bypassing the AMSI detections triggered when .NET tradecraft is loaded via Assembly.Load().
NTLMRelay2Self
Another no-fix LPE: NTLMRelay2Self over HTTP (WebDAV).
RT-EWS
A PowerShell module with a couple of cmdlets for EWS enumeration and exploitation.
SigFlip
SigFlip is a tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
vba2clr
Running .NET from VBA
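The SigFlip entry above rests on a property of Authenticode worth seeing in code: the image hash skips the optional header's CheckSum field, the security data directory entry and the certificate table itself, so bytes appended inside the WIN_CERTIFICATE leave the signature intact. The following Python is an added example written for this page, not SigFlip's own code. It builds a constructed minimal PE32+ whose certificate table holds a stand-in DER SEQUENCE rather than real PKCS#7 SignedData (so it runs offline), recomputes the Authenticode hash before and after a SigFlip-style append to show it does not change, and includes a slack check a defender can run over the certificate table. The names build_pe, append_to_cert_table and cert_table_slack are this example's own.

```python
"""Authenticode hash coverage demo (added example, not SigFlip's own code).
Builds a constructed minimal PE32+ whose WIN_CERTIFICATE holds a stand-in DER
SEQUENCE instead of real PKCS#7 SignedData, so everything runs offline.
Assumes the usual layout: sections in file order, certificate table last."""
import hashlib
import struct

PE_OFF = 0x80            # e_lfanew of the constructed image
SIZEOF_HEADERS = 0x200   # headers padded to FileAlignment
SECTION_RAW = 0x200      # raw size of the single .text section

def _opt_offset(pe):
    """Optional header offset: e_lfanew + 'PE\\0\\0' + 20-byte COFF header."""
    return struct.unpack_from("<I", pe, 0x3C)[0] + 24

def _secdir_offset(pe):
    """Offset of DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] (index 4)."""
    opt = _opt_offset(pe)
    magic = struct.unpack_from("<H", pe, opt)[0]
    return opt + (144 if magic == 0x20B else 128)   # PE32+ vs PE32

def security_directory(pe):
    """(file offset, size) of the certificate table; (0, 0) when unsigned."""
    return struct.unpack_from("<II", pe, _secdir_offset(pe))

def der_total_length(der):
    """Bytes spanned by the outer DER SEQUENCE (tag + length + content)."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        return 2 + der[1]
    n = der[1] & 0x7F
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def win_certificate(blob, extra=b""):
    """WIN_CERTIFICATE: dwLength, wRevision 0x200, wCertificateType 2 (PKCS#7),
    bCertificate; the entry is padded to an 8-byte boundary."""
    length = 8 + len(blob) + len(extra)
    padded = (length + 7) & ~7
    return struct.pack("<IHH", padded, 0x200, 2) + blob + extra + b"\0" * (padded - length)

def build_pe(cert_blob):
    """Constructed PE32+: DOS stub, COFF + optional header, one section,
    certificate table appended after the section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", PE_OFF)
    dos += b"\0" * (PE_OFF - len(dos))
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)   # x64, 1 section
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                       # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)                # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, SECTION_RAW)       # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, SIZEOF_HEADERS)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 108, 16)                        # NumberOfRvaAndSizes
    cert_table = win_certificate(cert_blob)
    struct.pack_into("<II", opt, 144, SIZEOF_HEADERS + SECTION_RAW, len(cert_table))
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", SECTION_RAW, 0x1000, SECTION_RAW,
                                         SIZEOF_HEADERS, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + opt + sect
    hdr += b"\0" * (SIZEOF_HEADERS - len(hdr))
    text = bytes(range(256)) * 2                                # constructed section bytes
    return bytearray(hdr + text + cert_table)

def authenticode_hash(pe, algo="sha256"):
    """Authenticode image hash: the file minus the CheckSum field, the security
    DataDirectory entry and the certificate table itself."""
    checksum = _opt_offset(pe) + 64
    secdir = _secdir_offset(pe)
    cert_off, cert_size = security_directory(pe)
    h = hashlib.new(algo)
    h.update(pe[:checksum])
    h.update(pe[checksum + 4:secdir])
    if cert_size:
        h.update(pe[secdir + 8:cert_off])
        h.update(pe[cert_off + cert_size:])   # anything after the table, normally empty
    else:
        h.update(pe[secdir + 8:])
    return h.hexdigest()

def append_to_cert_table(pe, payload):
    """SigFlip-style edit: grow the WIN_CERTIFICATE so the payload sits behind
    the PKCS#7 blob, inside the region the image hash never covers."""
    cert_off, _ = security_directory(pe)
    der_len = der_total_length(bytes(pe[cert_off + 8:]))
    table = win_certificate(bytes(pe[cert_off + 8:cert_off + 8 + der_len]), payload)
    out = bytearray(pe[:cert_off]) + table
    struct.pack_into("<II", out, _secdir_offset(out), cert_off, len(table))
    return out

def cert_table_slack(pe):
    """Detection heuristic: bytes in the certificate table beyond each PKCS#7
    blob plus its 8-byte alignment padding. A normally signed file gives 0."""
    cert_off, cert_size = security_directory(pe)
    slack, off = 0, cert_off
    while cert_size and off < cert_off + cert_size:
        dw_length = struct.unpack_from("<I", pe, off)[0]
        slack += dw_length - ((8 + der_total_length(bytes(pe[off + 8:])) + 7) & ~7)
        off += (dw_length + 7) & ~7
    return slack

if __name__ == "__main__":
    signed = build_pe(b"\x30\x05" + b"\xAA" * 5)        # stand-in SignedData
    flipped = append_to_cert_table(signed, b"X" * 64)
    print("hash unchanged:", authenticode_hash(signed) == authenticode_hash(flipped))
    print("slack before/after:", cert_table_slack(signed), cert_table_slack(flipped))
```

Caveat for defenders: signature verification compares the image hash it computes against the one carried inside SignedData, so bytes riding behind the PKCS#7 blob do not affect the verdict, and the stricter certificate-padding check Microsoft shipped with MS13-098 (EnableCertPaddingCheck) is opt-in. The slack heuristic above assumes one DER SEQUENCE per WIN_CERTIFICATE entry and simply measures what follows it; a non-trivial value is the practical tell for this kind of patching.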
med0x2e's Repositories
med0x2e/CSharpScripts
Collection of C# scripts
med0x2e/SharpView
C# implementation of harmj0y's PowerView
med0x2e/ProcessHider
Post-exploitation tool for hiding processes from monitoring applications
med0x2e/Scrncat
A script that uses OCR (pytesseract) and PIL to rename, order and group screenshots into PT/RT phases according to which pentest/red-team stage the executed commands belong to, and to redact passwords that match common password patterns (regex) or a password/hash list of your choice.
med0x2e/DidierStevensSuite
Please no pull requests for this repository. Thanks!
med0x2e/elk-detection-lab
An ELK environment containing interesting security datasets.
med0x2e/ICS-Security-Tools
Tools, tips, tricks, and more for exploring ICS Security.
med0x2e/maruos
Your phone is your PC.