r00t-3xp10it
"Be a hacker not a criminal"... Pentester | IT enthusiast | blogger
@Suspicious-Shell-Activity
Lisbon - Portugal
r00t-3xp10it's Stars
gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
PhrozenIO/PowerRemoteDesktop
Remote Desktop entirely coded in PowerShell.
kozmer/log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Dec0ne/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
rootsecdev/Azure-Red-Team
Azure Security Resources and Notes
Flangvik/NetLoader
Loads any C# binary in mem, patching AMSI + ETW.
t3l3machus/PowerShell-Obfuscation-Bible
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
klezVirus/CheeseTools
Self-developed tools for Lateral Movement/Code Execution
pwn1sher/KillDefender
A small POC to make defender useless by removing its token privileges and lowering the token integrity
mgeeky/Stracciatella
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
boku7/azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
nettitude/SharpWSUS
abdulkadir-gungor/JPGtoMalware
It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.
ShutdownRepo/smartbrute
Password spraying and bruteforcing tool for Active Directory Domain Services
surya-dev-singh/BITB-framwork
PSGumshoe/PSGumshoe
Wra7h/SharpGhosting
Process Ghosting in C#
APTortellini/DefenderSwitch
Stop Windows Defender using the Win32 API
Wh04m1001/IDiagnosticProfileUAC
sailay1996/SpoolTrigger
Weaponizing for privileged file writes bugs with PrintNotify Service
DoctorLai/VBScript_Obfuscator
The VBScript Obfuscator written in VBScript
plackyhacker/CmdLineSpoofer
How to spoof the command line when spawning a new process from C#.
martinsohn/PowerShell-reverse-shell
Reverse TCP shell in PowerShell for fun. Made in spring 2020 with inspiration from (and a few fixes to) samratashok/nishang Invoke-PowerShellTcp.ps1 and https://cyberwardog.blogspot.com/2016/08/poweshell-encrypt-tcp-client-server.html
guillaC/BatchObfuscator
Obfuscator for batch script
Dfte/Impersonate
Binary and CrackMapExec module to impersonate tokens on a windows machine
boh/RedBlueNotes
Personal notes from Red teamer for Blue/Red/Purple.
ricardojba/noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
Dec0ne/AMS-BP
AMSI Bypass for powershell
Orange-Cyberdefense/leHACK-2022