Pinned Repositories
0cchext
0CCh Windbg extension: include some useful commands
1195777-chrome0day
996.ICU
Repo for counting stars and contributing. Press F to pay respect to glorious developers.
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AFL
american fuzzy lop - a security-oriented fuzzer
android-advanced-decode
Source code for the book 《Android进阶解密》 (Android Advanced Decryption)
FuzzingPaper
Recent Fuzzing Paper
grdp
pure GoLang RDP client
openedr
Open EDR public repository
qemu-rpi-kernel
Qemu kernel for emulating Rpi on QEMU
yanshu911's Repositories
yanshu911/FakeTLS
Client/server code that impersonates TLS 1.3 to disguise C2 activity.
yanshu911/boopkit
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
yanshu911/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
yanshu911/impacket
Impacket is a collection of Python classes for working with network protocols.
yanshu911/EDR-Bypass-demo
Some demos to bypass EDRs or AVs by 78itsT3@m
yanshu911/hide_execute_memory
Hide executable memory
yanshu911/SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
yanshu911/x64dbg-Plugin-Manager
Plugin manager for x64dbg
yanshu911/x64dbg
An open-source x64/x32 debugger for Windows.
yanshu911/ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
yanshu911/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
yanshu911/follina.py
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
yanshu911/NtCreateUserProcess
Minimal PoC developed as discussed in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
yanshu911/bpf_study
bpf study repository
yanshu911/Defeat-Defender-V1.2
Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disables Windows Defender permanently. Hack Windows. POC
yanshu911/ue4-processevent-intercept
Intercept ProcessEvent calls on any game object (Unreal Engine 4)
yanshu911/com_inject
yanshu911/Frida-Seccomp
A general-purpose Android svc tracing and hook solution: Frida-Seccomp
yanshu911/CVE-2022-0847-DirtyPipe-Exploit
A root exploit for CVE-2022-0847
yanshu911/rpcfirewall
yanshu911/ratel
Command-line Dou Dizhu (Fight the Landlord)!
yanshu911/PS5-Webkit-Execution
ROP userland execution for PS5 (4.03)
yanshu911/CVE-2021-4034
CVE-2021-4034 1day
yanshu911/RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
yanshu911/SharpInjector
Flexible C# shellcode runner
yanshu911/ShadowSteal
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
yanshu911/Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by utilizing programmatic access in the VBA object environment to load, decrypt and execute shellcode.
yanshu911/LateRegistration
Linux Kernel Snapshot Fuzzer using KVM
yanshu911/CVE-2021-43224-POC
Windows Common Log File System Driver POC
yanshu911/RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.