Borja Merino's repositories
Windows-One-Way-Stagers
Windows Stagers to circumvent restrictive network environments
PlcInjector
Modbus stager in assembly and some scripts to upload/download data to the holding register of a PLC
DNS-Polygraph
Tool designed to study the answers of your DNS resolver and make it easier to identify techniques such as DNS Hijacking/Poisoning
reflectPatcher
Python script to patch the reflective stub in a DLL
DoublePulsar-Volatility
Volatility plugin to help identify DoublePulsar implant by listing the array of pointers SrvTransaction2DispatchTable from the srv.sys driver.
Hidden-Cobra-Proxy
Nmap NSE script to detect the proxy component of the Hidden Cobra APT attributed to the North Korean government
metasploit-framework
Metasploit Framework
MlwScripts
Scripts for malware analysis
Cobaltstrike-Detection
This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared.
Cyber-Defence
Information released publicly by NCC Group's Cyber Defence team
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
InfinityHook
Hook system calls, context switches, page faults and more.
advisories
Advisories and Proofs of Concept by BlackArrow
Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
HyperDbg
The Source Code of HyperDbg Debugger 🐞
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
pivotnacci
A tool to make socks connections through HTTP agents
Revenant
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
ThreatIntelligenceDiscordBot
Gets updates from various clearnet domains and ransomware threat actor domains
transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
xknow_infosec
Random Stuff for Cyber Security Incident Response