Pinned Repositories
AMSI-patches-learned-till-now
I have documented all of the AMSI patches that I learned till now
C2_Server
C2 server to connect to a victim machine via reverse shell
DareDevil
Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10
DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
Learning-EDR-and-EDR_Evasion
I will be uploading all the code which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning path for me.
ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via the SystemFunction033 NtApi and no new thread via Fiber.
reveng_loader
C# loader capable of running stage-1 from a remote URL, a file path, as well as a file share
reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the infamous rkhunter anti-rootkit.
SharpGmailC2
Our friendly Gmail will act as the server; the implant will exfiltrate data via SMTP and read commands from the C2 (Gmail) via the IMAP protocol
reveng007's Repositories
reveng007/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
reveng007/Learning-EDR-and-EDR_Evasion
I will be uploading all the code which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning path for me.
reveng007/SharpGmailC2
Our friendly Gmail will act as the server; the implant will exfiltrate data via SMTP and read commands from the C2 (Gmail) via the IMAP protocol
reveng007/reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the infamous rkhunter anti-rootkit.
reveng007/ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via the SystemFunction033 NtApi and no new thread via Fiber.
reveng007/AMSI-patches-learned-till-now
I have documented all of the AMSI patches that I learned till now
reveng007/reveng_loader
C# loader capable of running stage-1 from a remote URL, a file path, as well as a file share
reveng007/ETW_patches_from_userMode_learned_till_now
ETW patches from userMode learned till now
reveng007/Executable_Files
Database of custom-made as well as publicly available stage-2 payloads, beacons, or stageless payloads, used by loaders/stage-1/stagers, or for further use with a C2 as well
reveng007/AQUARMOURY
My musings in C and offensive tooling
reveng007/VulnCon-WorkShop-Slides
VulnCon Workshop - Maldev Workshop: Offensive TradeCraft - Syscalls to Stack Spoofing
reveng007/Red_Team_Code_Snippets
Random code snippets, useful for getting started
reveng007/Jomungand-HWBP-MemScanEvade
Shellcode Loader with memory evasion
reveng007/RemoveFalsePositives
Just a small Python script which spits out the unsigned char representation of hooked underlying NtApis (which are false positives), for C/C++ usage
reveng007/Tartarus-TpAllocInject
reveng007/.NetConfigLoader-MA
.NET config loader
reveng007/BEAR
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine.
reveng007/D1rkSleep
Improved version of EKKO by @5pider that encrypts only image sections
reveng007/HeapCrypt
Encrypting the heap while sleeping by hooking and replacing Sleep with our own sleep that encrypts the heap
reveng007/KrakenMask
Sleep obfuscation
reveng007/reveng007
reveng007/reveng007.github.io
reveng007/Windows-Internals
Important notes and topics on my journey towards mastering Windows Internals
reveng007/BlockOpenHandle
Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process. With that you can avoid remote memory scanners.
reveng007/blog
reveng007/Cronos-MemoryScanEvasion
PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.
reveng007/DetectCobaltStomp
Detects Module Stomping as implemented by Cobalt Strike
reveng007/dploot-PostExp.py
DPAPI looting remotely in Python
reveng007/NightmangleTelegramC2
reveng007/StackCrypt
Create a new thread that will suspend every other thread and encrypt its stack, then go to sleep, then decrypt the stacks and resume the threads