Bw3ll's starred repositories
ImmoralFiber
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)
ELFieScanner
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
kestrel-lang
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
IDA_Plugin_AntiDebugSeeker
Automatically identify and extract potential anti-debugging techniques used by malware.
Win32_Offensive_Cheatsheet
Win32 and Kernel abusing techniques for pentesters
search-by-image
Browser extension for reverse image search, available for Chrome, Edge and Safari
ROP_ROCKET
ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP. The framework utilizes emulation and obfuscation to help expand the attack surface.
secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
GhidraScripts
Scripts to run within Ghidra, maintained by the Trellix ARC team
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
Awesome-Advanced-Windows-Exploitation-References
List of Awesome Advanced Windows Exploitation References
WindowsExploitationResources
Resources for Windows exploit development