mgeeky
🔴 Red Team operator. 👾 I live & breathe Windows malware. 🛡️ Securing the world by stealing cyber criminals' operation theater and exposing it through code
Binary-Offensive.com · Poland
Pinned Repositories
cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
decode-spam-headers
A script that helps you understand why your E-Mail ended up in Spam
ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
PackMyPayload
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
Penetration-Testing-Tools
A collection of 170+ tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.
ProtectMyTooling
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Features artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.
RedWarden
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
Stracciatella
OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that helps hide injected shellcode's memory allocation from scanners and analysts.
mgeeky's Repositories
mgeeky/Penetration-Testing-Tools
A collection of 170+ tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.
mgeeky/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that helps hide injected shellcode's memory allocation from scanners and analysts.
mgeeky/cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
mgeeky/ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
mgeeky/RedWarden
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
mgeeky/ProtectMyTooling
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Features artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.
mgeeky/PackMyPayload
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
mgeeky/decode-spam-headers
A script that helps you understand why your E-Mail ended up in Spam
mgeeky/Stracciatella
OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
mgeeky/ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
mgeeky/tomcatWarDeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.
mgeeky/UnhookMe
UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red Team's malware
mgeeky/SharpWebServer
Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
mgeeky/AzureRT
AzureRT - A PowerShell module implementing various Azure Red Team tactics
mgeeky/expdevBadChars
Bad-characters highlighter for exploit development, supporting multiple input formats when comparing.
mgeeky/msidump
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
mgeeky/Exploit-Development-Tools
A bunch of my exploit development helper tools, collected in one place.
mgeeky/msi-shenanigans
Proof of Concept code and samples presenting the emerging threat of MSI installer files.
mgeeky/PE-library
Lightweight Portable Executable parsing library and a demo peParser application.
mgeeky/CustomXMLPart
A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
mgeeky/digitalocean-app-redirector
Reverse-HTTP Redirector via DigitalOcean Apps Platform
mgeeky/mgeeky
mgeeky/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
mgeeky/Havoc
The Havoc Framework
mgeeky/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
mgeeky/CS-Remote-OPs-BOF
mgeeky/DeathSleep
A PoC implementation of an evasion technique that terminates the current thread and restores it before resuming execution, while applying page protection changes during the no-execution window.
mgeeky/forensicsim
A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.
mgeeky/misc
miscellaneous scripts and programs
mgeeky/sleep_python_bridge
This project is a 'bridge' between the Sleep and Python languages. It allows the control of a Cobalt Strike teamserver through Python without the need for the standard GUI client. NOTE: This project is very much in BETA. The goal is to provide a playground for testing and is in no way an officially supported feature. Perhaps this could be somethin