Author: ddos

Artifact collection tool

Fennec: Artifact collection tool for *nix systems

fennec is an artifact collection tool written in Rust, intended for use during incident response on *nix based systems. fennec lets you write a configuration file that describes how to collect...

AMSI Bypass

Ghosting-AMSI: AMSI Bypass via RPC Hijack

This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function...

NTFS Forensics tool

ntfstool: Forensics tool for NTFS

NTFSTool is a forensic tool for working with disks and NTFS volumes. It supports reading partition information (MBR, partition table, VBR) as well as information on BitLocker-encrypted partitions (FVE). See examples below to...
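To make the partition-level parsing this entry mentions concrete, here is an added example (not ntfstool's code, and not Rust/C++ like the project) that walks a small constructed disk image: it decodes the MBR partition table, follows each entry to its volume boot record, and classifies the VBR as NTFS (OEM ID `NTFS    `) or BitLocker (OEM ID `-FVE-FS-`, the marker an FVE-encrypted volume carries). The image bytes, disk signature and partition layout are constructed for the example; offsets follow the public MBR and NTFS boot sector layouts.

```python
"""Minimal MBR / VBR parser over a constructed disk image (added example)."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA at offset 510 of both MBR and VBR
MBR_DISK_ID_OFF = 440            # 4-byte disk signature
MBR_TABLE_OFF = 446              # four 16-byte partition entries
MBR_ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
NTFS_OEM = b"NTFS    "           # OEM ID at offset 3 of an NTFS boot sector
BITLOCKER_OEM = b"-FVE-FS-"      # OEM ID at offset 3 of a BitLocker (FVE) volume


@dataclass
class Partition:
    slot: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class Vbr:
    kind: str                    # "ntfs", "bitlocker" or "unknown"
    bytes_per_sector: int
    sectors_per_cluster: int
    total_sectors: Optional[int]
    mft_cluster: Optional[int]
    serial: Optional[int]


def parse_mbr(sector: bytes) -> Tuple[int, List[Partition]]:
    """Return (disk signature, non-empty partition entries) from a 512-byte MBR."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("short sector")
    if struct.unpack_from("<H", sector, 510)[0] != BOOT_SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    disk_id = struct.unpack_from("<I", sector, MBR_DISK_ID_OFF)[0]
    parts = []
    for slot in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            MBR_ENTRY_FMT, sector, MBR_TABLE_OFF + 16 * slot)
        if ptype == 0:
            continue             # empty slot
        parts.append(Partition(slot, status == 0x80, ptype, lba, count))
    return disk_id, parts


def parse_vbr(sector: bytes) -> Vbr:
    """Classify a volume boot record and pull the NTFS geometry fields if present."""
    if len(sector) < SECTOR_SIZE or struct.unpack_from("<H", sector, 510)[0] != BOOT_SIGNATURE:
        raise ValueError("not a boot sector")
    oem = sector[3:11]
    bps, spc = struct.unpack_from("<HB", sector, 0x0B)   # BPB: bytes/sector, sectors/cluster
    if oem == NTFS_OEM:
        total, mft = struct.unpack_from("<QQ", sector, 0x28)   # total sectors, $MFT cluster
        serial = struct.unpack_from("<Q", sector, 0x48)[0]
        return Vbr("ntfs", bps, spc, total, mft, serial)
    if oem == BITLOCKER_OEM:
        return Vbr("bitlocker", bps, spc, None, None, None)  # FVE metadata lives elsewhere
    return Vbr("unknown", bps, spc, None, None, None)


def walk_disk(image: bytes) -> List[Tuple[Partition, Vbr]]:
    """Parse the MBR, then read and classify the first sector of every partition."""
    _, parts = parse_mbr(image[:SECTOR_SIZE])
    out = []
    for p in parts:
        off = p.lba_start * SECTOR_SIZE
        out.append((p, parse_vbr(image[off:off + SECTOR_SIZE])))
    return out


# --- constructed sample image: sector 0 = MBR, sector 1 = NTFS VBR, sector 2 = BitLocker VBR ---
def build_mbr(entries, disk_id=0x12345678) -> bytes:
    buf = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", buf, MBR_DISK_ID_OFF, disk_id)
    for slot, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(MBR_ENTRY_FMT, buf, MBR_TABLE_OFF + 16 * slot,
                         0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    struct.pack_into("<H", buf, 510, BOOT_SIGNATURE)
    return bytes(buf)


def build_vbr(oem: bytes, total_sectors=0, mft_cluster=0, serial=0) -> bytes:
    buf = bytearray(SECTOR_SIZE)
    buf[0:3] = b"\xEB\x52\x90"                       # jump instruction
    buf[3:11] = oem
    struct.pack_into("<HB", buf, 0x0B, 512, 8)
    struct.pack_into("<QQ", buf, 0x28, total_sectors, mft_cluster)
    struct.pack_into("<Q", buf, 0x48, serial)
    struct.pack_into("<H", buf, 510, BOOT_SIGNATURE)
    return bytes(buf)


SAMPLE_IMAGE = (build_mbr([(True, 0x07, 1, 10), (False, 0x07, 2, 5)])
                + build_vbr(NTFS_OEM, total_sectors=204799, mft_cluster=786432, serial=0xDEADBEEF)
                + build_vbr(BITLOCKER_OEM))

if __name__ == "__main__":
    for part, vbr in walk_disk(SAMPLE_IMAGE):
        print(f"slot {part.slot} type 0x{part.type_id:02x} lba {part.lba_start}: {vbr}")
```

Both partitions carry type 0x07, so the MBR alone cannot tell NTFS from a BitLocker-encrypted volume; reading the VBR's OEM ID is what distinguishes them, which is why a tool like this reads both layers before deciding how to proceed.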

Fuzzing Unification Framework

fuzzuf: Fuzzing Unification Framework

fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL that describes a fuzzing loop by composing building blocks of fuzzing primitives. Why use fuzzuf? fuzzuf enables a flexible definition of a fuzzing loop...
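The idea of describing a fuzzing loop as a chain of primitives is easier to see in running code. The following is an added example in Python, not fuzzuf's DSL or code (fuzzuf is a C++ project): each primitive (seed selection, mutation, execution, coverage feedback) is a plain function over a shared state, and the loop is just the list of stages applied in order. The target, its hand-labelled "edges" standing in for real coverage instrumentation, and the seed corpus are constructed for the example.

```python
"""A fuzzing loop built from swappable stage primitives (added example, not fuzzuf)."""
import random
from dataclasses import dataclass, field
from typing import Callable, List, Set


@dataclass
class FuzzState:
    queue: List[bytes]                          # corpus of interesting inputs
    rng: random.Random
    seen_edges: Set[str] = field(default_factory=set)
    crashes: List[bytes] = field(default_factory=list)
    cur: bytes = b""                            # input chosen this iteration
    candidate: bytes = b""                      # mutated input under test
    last_trace: Set[str] = field(default_factory=set)
    execs: int = 0


Stage = Callable[[FuzzState], None]


def target(data: bytes, trace: Set[str]) -> None:
    """Constructed toy parser; 'edges' are recorded by hand instead of by instrumentation."""
    trace.add("entry")
    if len(data) < 4:
        trace.add("short")
        return
    if data[:2] != b"FZ":
        trace.add("badmagic")
        return
    trace.add("magic")
    declared = data[2]
    if declared > len(data) - 3:                # length field not checked against the buffer
        trace.add("overflow")
        raise IndexError("declared length exceeds buffer")   # stands in for a crash
    trace.add("ok")


# --- primitives: each one reads and writes only the shared state ---
def select_seed(st: FuzzState) -> None:
    st.cur = st.rng.choice(st.queue)


def mutate(st: FuzzState) -> None:
    buf = bytearray(st.cur)
    op = st.rng.randrange(3)
    if op == 0 and buf:                         # overwrite one byte
        buf[st.rng.randrange(len(buf))] = st.rng.randrange(256)
    elif op == 1:                               # insert one byte
        buf.insert(st.rng.randrange(len(buf) + 1), st.rng.randrange(256))
    elif op == 2 and len(buf) > 1:              # delete one byte
        del buf[st.rng.randrange(len(buf))]
    st.candidate = bytes(buf)


def execute(st: FuzzState) -> None:
    trace: Set[str] = set()
    st.execs += 1
    try:
        target(st.candidate, trace)
    except IndexError:
        st.crashes.append(st.candidate)
    st.last_trace = trace


def coverage_feedback(st: FuzzState) -> None:
    """Keep the candidate only if it reached an edge no earlier input reached."""
    new_edges = st.last_trace - st.seen_edges
    if new_edges:
        st.seen_edges |= new_edges
        st.queue.append(st.candidate)


def run_loop(stages: List[Stage], seeds: List[bytes], iterations: int, seed: int = 1) -> FuzzState:
    """The 'DSL': a loop is nothing more than an ordered list of stages."""
    st = FuzzState(queue=list(seeds), rng=random.Random(seed))
    for _ in range(iterations):
        for stage in stages:
            stage(st)
    return st


DEFAULT_LOOP: List[Stage] = [select_seed, mutate, execute, coverage_feedback]
SEEDS = [b"FZ\x01a"]                            # constructed seed corpus

if __name__ == "__main__":
    state = run_loop(DEFAULT_LOOP, SEEDS, iterations=2000)
    print(f"execs={state.execs} edges={sorted(state.seen_edges)} "
          f"queue={len(state.queue)} crashes={len(state.crashes)}")
```

Swapping a stage (a different mutator, a feedback function that keys on something other than edge coverage, a scheduler that weights queue entries) changes the loop without touching the others, which is the separation a unification framework is aiming for.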