Category: Ethical Hacking
MemFiles
MemFiles is a toolkit for CobaltStrike that enables Operators to write files produced by the Beacon process into memory, rather than writing them to disk on the target system. It has been successfully...

HackSys Extreme Vulnerable Driver (HEVD) – BufferOverflowNonPagedPoolNx Exploit
This repository contains an exploit for the BufferOverflowNonPagedPoolNx vulnerability in HackSys Extreme Vulnerable Driver (HEVD). The exploit targets Windows 10 Version 22H2 (OS Build 19045.3930) and demonstrates...

Atexec-pro
Modified based on atexec.py (an ATSVC example with some functions implemented: creates, enumerates, runs and deletes jobs. This example executes a command on the target machine through the Task Scheduler service. Returns the output of...

MSC Dropper Tool
MSC Dropper is a Python script designed to automate the creation of MSC (Microsoft Management Console) files with customizable payloads for arbitrary execution. This tool leverages a method discovered by Samir...

proctools
Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that's in the works. procsearch – find sensitive strings in the target process memory; searches for...

LogHunter
Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN). I was once doing a very complex project where there were over 1000 hosts in the infrastructure. I needed...

gcpwn
It consists of numerous enumeration modules I wrote plus exploit modules leveraging research done by others in the space (e.g. Rhino Security), along with some existing known standalone tools like GCPBucketBrute, to make...

Villain
Villain is a high-level C2 framework that can handle multiple TCP socket and HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc.) and share them among connected sibling servers...

AMSI Bypass via VEH
A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification. How it works: For...

MSSQL ATTACK TOOL
The MSSQL ATTACK TOOL (M.A.T) was developed at SySS internally in a Research & Development project. The tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in...

MDE_Enum
MDE_Enum is a comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules. It is capable of querying both local and remote systems...

TheAllCommander
Framework for modeling and researching C2 communications for developing efficient filtering and detection logic. TheAllCommander 2.1 (April 2024) includes support for logging telemetry data gathered from test daemons, as well as alpha support...

Fragtunnel
Fragtunnel is a PoC TCP tunneling tool that exploits a design flaw in IDS/IPS engines and Next Generation Firewalls; therefore, it can tunnel your application's traffic to the target server and back...

DonPAPI
DonPAPI automates remote secrets dumping on multiple Windows computers, with defense evasion in mind. Collected credentials: Chromium browser credentials, cookies and Chrome refresh token; Windows certificates; Credential Manager; Firefox browser credentials and cookies...

BlueSpy – PoC to record audio from a Bluetooth device
This repository contains the implementation of a proof of concept to record and replay audio from a Bluetooth device without the legitimate user's awareness....

File Tunnel
Tunnel TCP connections through a file.
Compatibility:
              SMB   NFS   AFP
windows-x64   Y     Y     Unknown – please let me know
linux-x64     Y     Y     Unknown – please let me know
linux-arm64   Unknown – please...