Assembly for Hackers
Hacking
WinDbg Cheat Sheet for .NET Developers
This post gives you a simple summary of the most needed WinDbg commands for .NET. The most of the examples are heavily inspired by Konrad Kokosa’s excellent book Pro .NET Memory Management.
Getting SYSTEM – Decoder's Blog
In your red teaming or pentesting activities escalating to SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…
How I hacked smart lights: the story behind CVE-2022-47758
Introduction In this blogpost, we take a closer look at our research regarding CVE-2022-47758: a critical vulnerability impacting a very large number of Internet of Things smart devices. We could leverage this vulnerability in the lamp's firmware for unauthenticated remote code execution on the entire device with the highest privileges
GunshipPenguin/kiteshield: Packer/Protector for x86-64 ELF binaries on Linux
Packer/Protector for x86-64 ELF binaries on Linux.
Diverto/IPPrintC2: PoC for using MS Windows printers for persistence / command and control via Internet Printing
PoC for using MS Windows printers for persistence / command and control via Internet Printing - Diverto/IPPrintC2
Persistence Techniques That Persist
Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Helixo32/CrimsonEDR: Simulate the behavior of AV/EDR for malware development training.
Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR
DosX-dev/obfus.h: Macro-header for compile-time C obfuscation (tcc, win x86/x64)
Macro-header for compile-time C obfuscation (tcc, win x86/x64) - DosX-dev/obfus.h
fortra/nanodump: The swiss army knife of LSASS dumping
The swiss army knife of LSASS dumping. Contribute to fortra/nanodump development by creating an account on GitHub.
Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...
jpillora/chisel: A fast TCP/UDP tunnel over HTTP
A fast TCP/UDP tunnel over HTTP. Contribute to jpillora/chisel development by creating an account on GitHub.
jstrosch/sclauncher: A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. - jstrosch/sclauncher
gcarmix/HexWalk: Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS
Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS - gcarmix/HexWalk
Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find some bugs :)
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find s...
Xre0uS/MultiDump: MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly. - GitHub - Xre0uS/MultiDump: MultiDump is a post-exploitation tool for dumping and extracting LSASS memory ...
Drakiat/RedTeam-Checker: An automation to monitor if backdoors/default settings are still active on the compromised machines over time.
An automation to monitor if backdoors/default settings are still active on the compromised machines over time. - GitHub - Drakiat/RedTeam-Checker: An automation to monitor if backdoors/default set...
PeCoReT/pecoret: A Pentest Collaboration and Reporting Tool
A Pentest Collaboration and Reporting Tool. Contribute to PeCoReT/pecoret development by creating an account on GitHub.
factionsecurity/faction
Pen Test Report Generation and Assessment Collaboration
Cracked5pider/Stardust: An modern 64-bit position independent implant template
An modern 64-bit position independent implant template
SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
A set of fully-undetectable process injection techniques abusing Windows Thread Pools - GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows ...
NHAS/reverse_ssh: SSH based reverse shell
SSH based reverse shell . Contribute to NHAS/reverse_ssh development by creating an account on GitHub.
netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. - GitHub - netero1010/EDRSilencer: A tool uses Windo...
Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...
marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams - GitHub - marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, librari...
WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who...
CERT-Polska/Artemis
A modular web reconnaissance tool and vulnerability scanner.
Mockingjay – A New Process Injection Technique that Bypasses EDR Detection | Black Hat Ethical Hacking
Security researchers at Security Joes have recently uncovered a novel process injection technique called "Mockingjay," which enables threat actors to bypass EDR (Endpoint Detection and Response) systems and other security products to execute malicious code discreetly on compromised systems
x64 calling convention
Learn about the details of the default x64 calling convention.
System session process information