Pinned Repositories
BouncyGate
HellsGate in Nim, but making sure that all syscalls go through NTDLL.DLL (as in RecycledGate).
DropSpawn_BOF
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
Embedder
Embedder is a collection of sources in different languages to embed the Python interpreter with minimal dependencies
ModuleShifting
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
ProcessStomping
A variation of ProcessOverwriting to execute shellcode on an executable's section
Pyramid
a tool to help operate in EDRs' blind spots
python-bof-runner
Python inline shellcode injector that could be used to run BOFs by leveraging BOF2shellcode
PythonMemoryModule
Pure-Python implementation of the MemoryModule technique to load DLLs and unmanaged EXEs entirely from memory
talks
Repo containing my public talks
UnhookingPatch
Bypass EDR hooks by patching NT API stubs and resolving SSNs and syscall instructions at runtime
naksyn's Repositories
naksyn/Pyramid
a tool to help operate in EDRs' blind spots
naksyn/PythonMemoryModule
Pure-Python implementation of the MemoryModule technique to load DLLs and unmanaged EXEs entirely from memory
naksyn/ProcessStomping
A variation of ProcessOverwriting to execute shellcode on an executable's section
naksyn/Embedder
Embedder is a collection of sources in different languages to embed the Python interpreter with minimal dependencies
naksyn/ModuleShifting
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
naksyn/talks
Repo containing my public talks
naksyn/python-bof-runner
Python inline shellcode injector that could be used to run BOFs by leveraging BOF2shellcode
naksyn/UnhookingPatch
Bypass EDR hooks by patching NT API stubs and resolving SSNs and syscall instructions at runtime
naksyn/BouncyGate
HellsGate in Nim, but making sure that all syscalls go through NTDLL.DLL (as in RecycledGate).
naksyn/DropSpawn_BOF
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
naksyn/GregsBestFriend
GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
naksyn/krblist
Old post-ex tool for listing Kerberos tickets. A terribly written clone of `klist`
naksyn/beacon
Former attempt at creating an independent Cobalt Strike Beacon
naksyn/DarkLoadLibrary
LoadLibrary for offensive operations
naksyn/DInjector
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
naksyn/FilelessRemotePE
Loads a fileless remote PE from a URI into memory, with argument passing, ETW patching, NTDLL unhooking, and the No New Thread technique
naksyn/FOLIAGE
Public variation of FOLIAGE ( original developer )
naksyn/GOAD
Game of Active Directory
naksyn/grimreaper
An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls
naksyn/Havoc
The Havoc Framework
naksyn/krbdump
A way to extract tickets in case I need to purge and restore tickets on the fly.
naksyn/OffensivePipeline
OffensivePipeline allows you to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
naksyn/RWX-Dlls-for-manual-mapping
Here are a few RWX DLLs you can use to manually map your cheat DLL; they will probably get checked soon...
naksyn/TitanLdr
Public variation of Titan Loader