yanshu911

yanshu911's Stars

• numencyber/Vulnerability_PoC

  Language:C++32080

• trickest/cve

  Gather and update all available and newest CVEs with their PoC.

  Language:HTML6.6k836

• jart/blink

  tiniest x86-64-linux emulator

  Language:C7k222

• Mr-Un1k0d3r/EDRs

  Language:C2k348

• stephenfewer/ReflectiveDLLInjection

  Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

  Language:C2.8k778

• mgeeky/ShellcodeFluctuation

  An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

  Language:C++942155

• mgeeky/ThreadStackSpoofer

  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

  Language:C++1k176

• hlldz/RefleXXion

  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

  Language:C++482104

• klezVirus/SysWhispers3

  SysWhispers on Steroids - AV/EDR evasion via direct system calls.

  Language:Python1.3k170

• jthuraisamy/SysWhispers2

  AV/EDR evasion via direct system calls.

  Language:Assembly1.5k234

• xuanxuan0/DripLoader

  Evasive shellcode loader for bypassing event-based injection detection (PoC)

  Language:C++715117

• 7BitsTeam/EDR-Bypass-demo

  Some demos to bypass EDRs or AVs by 78itsT3@m

  Language:C34359

• Tw1sm/SharpInjector

  Flexible C# shellcode runner

  Language:C#377

• Arno0x/ShellcodeWrapper

  Shellcode wrapper with encryption for multiple target languages

  Language:Python434121

• bluesadi/Heavens-Gate

  Heaven's Gate implementation in C for constructing x64 Win32 API call in x86 WoW64 processes.

  Language:C++6718

• rwfpl/rewolf-wow64ext

  Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.

  Language:C++938298

• swwwolf/wdbgark

  WinDBG Anti-RootKit Extension

  Language:C++615178

• AxtMueller/Windows-Kernel-Explorer

  A free but powerful Windows kernel research tool.

  2.4k573

• ClownQq/YDArk

  X64内核小工具

  1.2k211

• antiwar3/py

  飘云ark（pyark）

  Language:C43665

• its-arun/CVE-2022-39197

  CobaltStrike <= 4.7.1 RCE

  Language:Python37677

• nettitude/PoshC2

  A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

  Language:PowerShell1.8k326

• mandiant/flare-fakenet-ng

  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  Language:Python1.8k359

• DissectMalware/XLMMacroDeobfuscator

  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

  Language:Python572115

• capt-meelo/NtCreateUserProcess

  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html

  Language:C12527

• hasherezade/hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  Language:C2k255

• hzqst/VmwareHardenedLoader

  Vmware Hardened VM detection mitigation loader (anti anti-vm)

  Language:C1.8k464

• SecLabResearchBV/CVE-2022-34718-PoC

  Language:Python4716

• HavocFramework/Havoc

  The Havoc Framework

  Language:Go6.9k962

• 78ResearchLab/PoC

  Language:Python12231