a112z Goto Github PK

3gstudent

bootdoor

Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE

c_syscalls

Single stub direct and indirect syscalling with runtime SSN resolving for windows.

callstackspoofer

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

cheekyblinder

Enumerating and removing kernel callbacks using signed vulnerable drivers

cmloot

Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares

credbandit

Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

cronos

PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.

dearg-thread-ipc-stealth

A novel technique to communicate between threads using the standard ETHREAD structure

edrs

freshycalls

FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!

gadgettojscript

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.

gomapenum

User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin

havoc

The Havoc Framework

iori_loader

UUID shellcode Loader with dynamic indirect syscall implementation, syscall number/instruction get resolved dynamicaly at runtime, and the syscall number/instruction get unhooked using Halosgate technique. Function address get resolved from the PEB by offsets and comparaison by hashes

javascript-backdoor

Learn from Casey Smith @subTee

kernelforge

A library to develop kernel level Windows payloads for post HVCI era

microbackdoor

Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]

mordor-rs

Rusty Hell's Gate / Halo's Gate / Tartarus' Gate and FreshyCalls / Syswhispers2 Library

ntfsdump

Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.

offensive_macos

Tracking of offensive macOS tooling, blogs, and related helpful information

offensiverust

Rust Weaponization for Red Team Engagements.

petitpotam

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

phishing.database

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.

pinkpanther

Windows x64 handcrafted token stealing kernel-mode shellcode

reinschauer

it is very good

s6_pcie_microblaze

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

screenshotbof

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

sharpchisel

C# Wrapper around Chisel from https://github.com/jpillora/chisel