Stars
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
xVision is a plugin for the JadX decompiler that aims to integrate with Large Language Models (LLMs) to provide code analysis directly in JadX.
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
LSASS memory dumper using direct system calls and API unhooking.
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…
Collection of Windows Hacking Binaries
Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
AV/EDR evasion via direct system calls.
Simple PoC to locate hooked functions by EDR in ntdll.dll
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters.
SysmonX - An Augmented Drop-In Replacement of Sysmon
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin dete…
🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.
Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"
The goal of this repository is to document the most common techniques to bypass AppLocker.
A centralized resource for previously documented WDAC bypass techniques
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.