Pinned Repositories
burp-extension-training
Burp Extension Training
o365-attack-toolkit
A toolkit to attack Office365
WKPExercises
Exercises from Windows Kernel Programming (2019) by Pavel Yosifovich
sunnyneo's Repositories
sunnyneo/AutoFunkt
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles
sunnyneo/avred
Analyse your malware to chirurgically obfuscate it
sunnyneo/BOFMask
sunnyneo/CallstackSpoofingPOC
C++ self-Injecting dropper based on various EDR evasion techniques.
sunnyneo/Caro-Kann
Encrypted shellcode Injection to avoid Kernel triggered memory scans
sunnyneo/CreateRemoteThreadPlus
CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.
sunnyneo/DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings).
sunnyneo/DllNotificationInjection
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
sunnyneo/Docker-C3
Example of running C3 (https://github.com/FSecureLABS/C3) in a Docker container
sunnyneo/EPI
Process injection through entry points hijacking.
sunnyneo/EvtPsst
EvtPsst
sunnyneo/GhostFart
sunnyneo/gonut
Generator of https://github.com/TheWover/donut in pure Go. Supports compression, AMSI/WLDP/ETW bypass, etc.
sunnyneo/Havoc
The Havoc Framework
sunnyneo/mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
sunnyneo/PageSplit
Splitting and executing shellcode across multiple pages
sunnyneo/PatchlessCLRLoader
.NET assembly loader with patchless AMSI and ETW bypass
sunnyneo/PatchlessInlineExecute-Assembly
Porting of InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
sunnyneo/perfect-loader
Load a dynamic library from memory by modifying the native Windows loader
sunnyneo/Periscope
Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)
sunnyneo/PHISHLET-EVILGINX3
PHISHLET [EVILGINX3] Settings for phishing sites are written in the yaml language. This is a long development of my collection that I have been working on for the last 3 months due to changes in site security rules, in particular scripts for bypassing the CloudFlare security. 🙌 I PRESENT to you my collection from the sites: 1Password / Binance
sunnyneo/preboot
Experiment with d_olex's firmware and conducting "preboot" attack
sunnyneo/Presentations
Slides and Such
sunnyneo/process-cloning
The Definitive Guide To Process Cloning on Windows
sunnyneo/RecycledInjector
Native Syscalls Shellcode Injector
sunnyneo/sccmhunter
sunnyneo/SharpShares
Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
sunnyneo/ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
sunnyneo/smbcrawler
smbcrawler is a no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares
sunnyneo/WMIExec
Set of Python scripts which perform different ways of command execution via the WMI protocol.