1rm's repositories
go-shellcode
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
goLang-injectors
Go injection function practice
GolangBypassAV
Research on various ways to bypass AV using golang
inject-assembly
Inject .NET assemblies into an existing process
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork-and-run execute-assembly module
RedTeamCSharpScripts
C# Script used for Red Team
Sharp-dumpkey
A small tool implemented in C# for obtaining the WeChat database key
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that allows injected shellcode's memory allocation to be hidden more effectively from scanners and analysts.
520apkhook
Injects an MSF payload into an Android APP and bypasses mobile security manager (手机管家) apps.
amber
Reflective PE packer.
commando-tools
Just the Tools folder from FireEye Commando-VM
CPPPractice
C/C++ practice
GoPurple
Yet another shellcode runner, consisting of different techniques for evaluating the detection capabilities of endpoint security solutions
HiddenVNC
A simple hidden vnc.
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
Pokemon-Shellcode-Loader
Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
Reptile
LKM Linux rootkit
ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
Screenshooter
C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags
SharpEventPersist
Persistence by writing/reading shellcode from Event Log
Skrull
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also totally anti-copy and naturally broken when they get submitted.
UACME
Defeating Windows User Account Control
webshell-sample
Webshell samples collected from around the web, used to test the detection rate of webshell scanners.
WinPwnage
UAC bypass, Elevate, Persistence methods