Kdrill: Python tool to check rootkits in Windows kernel
Kdrill Kdrill is a tool to analyze the kernel land of 64-bit Windows systems (tested from Windows 7 to Windows 11). Its main objective is to assess if the kernel is compromised by a...
proctools Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that’s in the works. procsearch – find sensitive strings in the target process memory searches for...
LogHunter Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN). I was once doing a very complex project where there were over 1000 hosts in the infrastructure. I needed...
RedELK Red Team’s SIEM – tool for Red Teams for tracking and alarming about Blue Team activities as well as enhanced usability in long-term operations. Enhanced usability and overview for the red team operators by...
gcpwn It consists of numerous enumeration modules I wrote plus exploit modules leveraging research done by others in the space (ex. Rhino Security) along with some existing known standalone tools like GCPBucketBrute to make...
Villain Villain is a high level C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers...
AMSI Bypass via VEH A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification. How it works: For...
RedFlag RedFlag leverages AI to determine high-risk code changes. Run it in batch mode to scope manual security testing of release candidates, or run it in your CI pipelines to flag PRs and add...
MSSQL ATTACK TOOL The MSSQL ATTACK TOOL (M.A.T) was developed at SySS internally in a Research & Development project. The tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in...
MDE_Enum MDE_Enum is a comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules. It is capable of querying both local and remote systems...