fnsank Goto Github PK

herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

hwbp4mw

hybris

Tool to spawn processes as SYSTEM by stealing tokens

imonitorsdk

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

imwindow

Window and GUI system based on Dear ImGui from OCornut

injdrv

proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC

inject-dll-by-process-doppelganging

Process Doppelgänging

inscan

边界打点后的自动化渗透工具

kdmapper

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

kekeo

A little toolbox to play with Microsoft Kerberos in C

kernelhub

:palm_tree:Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file http://kernelhub.ascotbe.com/

keystone

Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings

ksdumper

Dumping processes using the power of kernel space !

librws

Tiny, cross platform websocket client C library

little-crt

loadlibrayy

x64 manualmapper with kernel elevation and thread hijacking capabilities

lunar

A lightweight native DLL mapping library that supports mapping directly from memory

macro_pack

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

maliciousmacrogenerator

Malicious Macro Generator

memorymodulepp

modify from memorymodule. support exception

memorysharp

A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.

micro8

Gitbook

mint

Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.

misc

miscellaneous scripts and programs

modulemonitor

Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Injection attacks.

msrpc-to-attack

A repository that maps commonly used attacks using MSRPC protocols to ATT&CK

mythic

A collaborative, multi-platform, red teaming framework

net-obfuscate

Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI

nidhogg

Nidhogg is an all-in-one simple to use rootkit for red teams.

nimlinewhispers

A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.