Pinned Repositories
2D-Injector
Hiding unsigned DLL inside a signed DLL
airflow
Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
APIHashReplace
Repository for API Hashing script detailed in the Huntress Blog
automate-with-actions
This project automates the reconnaissance process, i.e. the process of gathering information about a target domain or company that hosts a bug bounty program. You can run this whole thing on a Virtual Private Server, but since I don't have any, I dug around and found that GitHub provides 2000 minutes/month for running workflows in their virtual machines (they provide Windows, macOS and Ubuntu as the Linux distribution) for testing purposes during development, so we integrate the testing phase directly into the development process. So I have created custom scripts and a workflow file which installs all the necessary tools and runs the appropriate scripts. The work done by this workflow is subdomain enumeration, DNS resolution, reverse-DNS resolution, port scanning of all the hosts, finding virtual hosts, fuzzing for content discovery, and running nuclei, the template-based scanner by ProjectDiscovery, to scan the hosts for any CVEs and common vulnerabilities. You can add custom templates and custom scripts. Finally, there is Discord integration, so when some work is done it will send a message to the Discord webhook URL configured in it. For further details, view the repository.
Botnet
Crazy Botnet in development
chc-botnet
An implementation of the Calvert Hall Snowday Botnet, written in C. Original project: https://github.com/SpencerJ21/scraperBrokerServer
Ekko
Sleep Obfuscation
EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
LOLDrivers
Living Off The Land Drivers
mutante
Kernel-mode Windows HWID spoofer
zmkeh's Repositories
zmkeh/AutoPwnKey
AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.
zmkeh/bof-modules
BOF for C2 framework
zmkeh/BypassIT
BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.
zmkeh/ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
zmkeh/Counter-Strike-2-Cheats
Internal cheats for CS2
zmkeh/CVE-2024-30090
CVE-2024-30090 - LPE PoC
zmkeh/CVE-2025-21333-POC
PoC exploit for CVE-2025-21333, a heap-based buffer overflow. It leverages WNF state data and the I/O ring IOP_MC_BUFFER_ENTRY.
zmkeh/dll-proxy-generator
Generate a proxy DLL for an arbitrary DLL
zmkeh/dll-universal-patcher
A universal binary patching dll.
zmkeh/DMA-FW-Guide-2.0
The last DMA CFW guide you will ever need.
zmkeh/eidos
Offline alternative to Notion. Eidos is an extensible framework for managing your personal data throughout your lifetime in one place.
zmkeh/excalidraw
Virtual whiteboard for sketching hand-drawn like diagrams
zmkeh/Fenrir
stack spoofing
zmkeh/InjectDll
Inject a DLL into a process from within a driver
zmkeh/KernelCallbackTable-Injection-PoC
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow
zmkeh/kovid-obfuscation-passes
A set of LLVM- and GCC-based plugins that perform code obfuscation.
zmkeh/libshell
An interactive shell library
zmkeh/Medusa
Radical Windows ARK
zmkeh/Mirage
Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
zmkeh/newFindWDK
CMake module for building drivers with Windows Development Kit (WDK)
zmkeh/nimplant-beacon-position-independent-c-code
A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
zmkeh/obfus.h
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
zmkeh/PPLrevenant
Bypass LSA protection using the BYODLL technique
zmkeh/qwindowkit
Cross-platform frameless window framework for Qt. Supports Windows, macOS and Linux.
zmkeh/RE-GPT
Drawing inspiration from Andrej Karpathy’s iconic lecture, "Let’s Build GPT: From Scratch, in Code, Spelled Out", this project takes you on an immersive journey into the inner workings of GPT. Step-by-step, we’ll construct a GPT model from the ground up, demystifying its architecture and bringing its mechanics to life through hands-on coding.
zmkeh/shadow_syscall
Windows syscalls with a single line and a high level of abstraction. Has modern C++20 wrappers and utilities, range-based DLL and export enumeration, and a wrapper around KUSER_SHARED_DATA. Supported compilers: clang, gcc and msvc.
zmkeh/ts-ue4dumper
TypeScript and Frida UE4 dumper. Uses C++ to get offsets. Modular and easy to maintain.
zmkeh/win-MemoryModule
A flexible PE loader that loads a module in memory. Most of the functions can be inlined, making it compatible with shellcode.
zmkeh/WRK
Windows Research Kernel VS2022 Solution
zmkeh/zmkeh