IconJector This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows. How does it work? Firstly, a folder is created in the temp directory, and the properties of...
Immoral Fiber This repository contains two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation) It also contains an example test...
GoDefender This Go package provides functionality to detect and defend against various forms of debugging tools and virtualization environments Anti-Virtualization Triage Detection: Detects if the system is running in a triage or analysis environment....
MagicDot A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue. MagicDot Python Package Implements MagicDot’s rootkit-like techniques: Files/Directories named with dots only Bonus – Such...
ASPJinjaObfuscator A heavily obfuscated Windows–based ASP web shell generation tool utilizing the power of Python’s Jinja2 templating engine. Generates a web shell with randomized variable/function names and HTML strings of random lengths, XOR encrypted strings with base64...
