Pure Malware Development Resource Collections
https://github.com/malsearchs/Pure-Malware-Development.git
https://github.com/malsearchs/Pure-Malware-Development.git
👍5
Today I made public NativeBypassCredGuard, a tool to bypass Credential Guard by patching WDigest.dll using only NTAPI functions:
https://github.com/ricardojoserf/NativeBypassCredGuard.git
X: https://x.com/RicardoJoseRF
https://github.com/ricardojoserf/NativeBypassCredGuard.git
X: https://x.com/RicardoJoseRF
👍7
Hiding In PlainSight - Proxying DLL Loads To Hide From ETWTI Stack Tracing
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/
🔥8👍3
SuperdEye is the implementation of HellHall (a revised version of TartarusGate) in pure Go and Go Assembler.
The purpose is to scan hooked NTDLL and retrieve the Syscall number to then do an indirect Syscall with it, thus allowing the bypass of AV/EDR that put hooks on functions.
https://github.com/almounah/superdeye.git
👍5
Roasting - Timeroasting
SecuraBV/Timeroast - Timeroasting noscripts by Tom Tervoort
On the Applicability of the Timeroasting Attack
https://snovvcrash.rocks/2024/12/08/applicability-of-the-timeroasting-attack.html
Timeroasting takes advantage of Windows' NTP authentication mechanism, allowing unauthenticated attackers to effectively request a password hash of any computer account by sending an NTP request with that account's RID
SecuraBV/Timeroast - Timeroasting noscripts by Tom Tervoort
sudo ./timeroast.py 10.0.0.42 | tee ntp-hashes.txt
hashcat -m 31300 ntp-hashes.txtOn the Applicability of the Timeroasting Attack
https://snovvcrash.rocks/2024/12/08/applicability-of-the-timeroasting-attack.html
👍7😱2
Rogue OpenVpn and WireGuard! 🧭
Still sending docm macros? Reconsider your phishing noscripts! Send openvpn and wireguard configurations! U can easily achieve command exec using VPN : )
Examples here:
https://github.com/CICADA8-Research/Penetration.git
Still sending docm macros? Reconsider your phishing noscripts! Send openvpn and wireguard configurations! U can easily achieve command exec using VPN : )
Examples here:
https://github.com/CICADA8-Research/Penetration.git
👍7🔥2👏1🥱1
Forget PSEXEC: DCOM Upload & Execute Backdoor
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
🔥10🥱3👍2👏1
LexiCrypt is a shellcode obfuscation and encoding tool that transforms raw shellcode bytes into a "lexicon" of words derived from file names in the windows system32 directory. The resulting encoded output can then be embedded into a code template in various programming languages (e.g., C++, Rust, C#, Go, VBScript/WScript). This approach can help disguise shellcode and potentially bypass naive detection mechanisms.
https://github.com/tehstoni/LexiCrypt.git
https://github.com/tehstoni/LexiCrypt.git
👍8🔥1
🔥 Initial Access Guild registration is now open! 🔥
Offensive Engineers, let us unite in a trusted, vetted community!
I invite you to a curated closed Discord server, where ideas can be exchanged safely.
☢️ binary-offensive.com/guild ☢️
See you inside fellow Breacher!
Offensive Engineers, let us unite in a trusted, vetted community!
I invite you to a curated closed Discord server, where ideas can be exchanged safely.
☢️ binary-offensive.com/guild ☢️
See you inside fellow Breacher!
👍7🔥3😁2👾2⚡1👌1
Custom instruction length for hex-rays
https://github.com/milankovo/instrlen.git
The Instrlen plugin is a tool for IDA Pro that allows for setting the length of an instruction to a custom value. This can be useful when the code is obfuscated or there are jumps after the instruction prefixes.
https://github.com/milankovo/instrlen.git
😁4👍1
CPP / C++ Notes - Windows API Programming Win32
https://caiorss.github.io/C-Cpp-Notes/WindowsAPI-cpp.html#orge9d5c6d
https://caiorss.github.io/C-Cpp-Notes/WindowsAPI-cpp.html#orge9d5c6d
🔥8👍1
Forwarded from K4YT3X's Channel (K4YT3X)
之前一个很简单绕过内核反作弊的方法我开源了:
https://github.com/k4yt3x/InstantSuspend
基本上就是在进程被驱动保护之前你 suspend 它就可以给你个机会 OpenProcess 拿到 handle 或者改代码之类的,有些反作弊解冻进程之后后续还是不能读写内存,有些只要拿到了 handle 后面就能继续用
实在是很简单,也没必要藏着掖着
https://github.com/k4yt3x/InstantSuspend
基本上就是在进程被驱动保护之前你 suspend 它就可以给你个机会 OpenProcess 拿到 handle 或者改代码之类的,有些反作弊解冻进程之后后续还是不能读写内存,有些只要拿到了 handle 后面就能继续用
实在是很简单,也没必要藏着掖着
👍1🔥1😁1🤔1
PhishiUrl
https://github.com/EmadYaY/PhishiUrl
A tool for generating and detecting Unicode domains to identify phishing URLs, aimed at assisting cybersecurity professionals in recognizing and mitigating homograph attacks.
https://github.com/EmadYaY/PhishiUrl
🔥7👍2❤1😁1🙏1
Catalog of key Windows kernel data structures
https://codemachine.com/articles/kernel_structures.html
Understanding EProcess Structure
https://info-savvy.com/understanding-eprocess-structure/
Thanks to https://x.com/5mukx
https://codemachine.com/articles/kernel_structures.html
Understanding EProcess Structure
https://info-savvy.com/understanding-eprocess-structure/
Thanks to https://x.com/5mukx
❤4👾1
Just an attempt to group extracted data from Defender for research purposes.
https://github.com/HackingLZ/ExtractedDefender
credits : Justin Elze
https://github.com/HackingLZ/ExtractedDefender
credits : Justin Elze
👍2
Local Admin In Less Than 60 Seconds (Part 1)
https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
❤3