Hacking

Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege - sokaRepo/CoercedPotatoRDLL

This post gives you a simple summary of the most needed WinDbg commands for .NET. The most of the examples are heavily inspired by Konrad Kokosa’s excellent book Pro .NET Memory Management.

In your red teaming or pentesting activities escalating to  SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…

Introduction In this blogpost, we take a closer look at our research regarding CVE-2022-47758: a critical vulnerability impacting a very large number of Internet of Things smart devices. We could leverage this vulnerability in the lamp's firmware for unauthenticated remote code execution on the entire device with the highest privileges

Packer/Protector for x86-64 ELF binaries on Linux.

PoC for using MS Windows printers for persistence / command and control via Internet Printing - Diverto/IPPrintC2

Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR

Macro-header for compile-time C obfuscation (tcc, win x86/x64) - DosX-dev/obfus.h

The swiss army knife of LSASS dumping. Contribute to fortra/nanodump development by creating an account on GitHub.

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...

A fast TCP/UDP tunnel over HTTP. Contribute to jpillora/chisel development by creating an account on GitHub.

A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. - jstrosch/sclauncher

Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS - gcarmix/HexWalk

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find s...

MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly. - GitHub - Xre0uS/MultiDump: MultiDump is a post-exploitation tool for dumping and extracting LSASS memory ...

An automation to monitor if backdoors/default settings are still active on the compromised machines over time. - GitHub - Drakiat/RedTeam-Checker: An automation to monitor if backdoors/default set...

A Pentest Collaboration and Reporting Tool. Contribute to PeCoReT/pecoret development by creating an account on GitHub.

Pen Test Report Generation and Assessment Collaboration

An modern 64-bit position independent implant template

A set of fully-undetectable process injection techniques abusing Windows Thread Pools - GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows ...

SSH based reverse shell . Contribute to NHAS/reverse_ssh development by creating an account on GitHub.

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. - GitHub - netero1010/EDRSilencer: A tool uses Windo...

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams - GitHub - marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, librari...

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who...

A modular web reconnaissance tool and vulnerability scanner.

Security researchers at Security Joes have recently uncovered a novel process injection technique called "Mockingjay," which enables threat actors to bypass EDR (Endpoint Detection and Response) systems and other security products to execute malicious code discreetly on compromised systems

Learn about the details of the default x64 calling convention.