Cobalt Strike Profiles for EDR #Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
With PPLDescribe, you can retrieve information about processes that are protected by PPL. The tool parses PS_PROTECTION, PS_PROTECTED_TYPE and PS_PROTECTED_SIGNER structures to retrieve the information
#Credential_access
https://github.com/MzHmO/PPLDescribe
#Credential_access
https://github.com/MzHmO/PPLDescribe
GitHub
GitHub - MzHmO/PPLDescribe: Tool for obtaining information about PPL processes
Tool for obtaining information about PPL processes - MzHmO/PPLDescribe
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
GitHub
GitHub - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e: Remote…
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack...
Simulate the behavior of AV/EDR for malware development training.
https://github.com/Helixo32/CrimsonEDR/tree/main
https://github.com/Helixo32/CrimsonEDR/tree/main
GitHub
GitHub - Helixo32/CrimsonEDR: Simulate the behavior of AV/EDR for malware development training.
Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. #evasion
https://github.com/Sh3lldon/FullBypass
https://github.com/Sh3lldon/FullBypass
GitHub
GitHub - Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language…
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. - Sh3lldon/FullBypass
Forwarded from SoheilSec (Soheil Hashemi)
یک تکنیک جدید جهت احراز هویت اجباری ADCS
https://github.com/decoder-it/ADCSCoercePotato
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
#ردتیم
https://github.com/decoder-it/ADCSCoercePotato
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
#ردتیم
Keylogging in the Windows kernel with undocumented data structures
https://github.com/eversinc33/Banshee
https://eversinc33.com/posts/kernel-mode-keylogging/
https://github.com/eversinc33/Banshee
https://eversinc33.com/posts/kernel-mode-keylogging/
GitHub
GitHub - eversinc33/Banshee: Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. - eversinc33/Banshee
Teler Real-time HTTP intrusion detection
https://github.com/kitabisa/teler
https://github.com/kitabisa/teler
Process Hypnosis: Debugger assisted control flow hijack
https://github.com/CarlosG13/Process-Hypnosis-Debugger-assisted-control-flow-hijack/tree/main
API : https://malapi.io/winapi/DebugActiveProcessStop
https://github.com/CarlosG13/Process-Hypnosis-Debugger-assisted-control-flow-hijack/tree/main
API : https://malapi.io/winapi/DebugActiveProcessStop
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://github.com/notselwyn/cve-2024-1086
https://github.com/notselwyn/cve-2024-1086
GitHub
GitHub - Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most…
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...
Peneter Tools
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images. https://github.com/notselwyn/cve…
GitHub
GitHub - YuriiCrimson/ExploitGSM: Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5 - YuriiCrimson/ExploitGSM
lateral movement noscript that leverages the CcmExec service to remotely hijack user sessions.
https://github.com/mandiant/CcmPwn
https://github.com/mandiant/CcmPwn
GitHub
GitHub - mandiant/ccmpwn
Contribute to mandiant/ccmpwn development by creating an account on GitHub.
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
https://github.com/EvilBytecode/EDR-XDR-AV-Killer
https://github.com/EvilBytecode/EDR-XDR-AV-Killer
GitHub
GitHub - EvilBytecode/EDR-XDR-AV-Killer: Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by…
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver - EvilBytecode/EDR-XDR-AV-Killer