WaterBucket's starred repositories
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
Malleable-C2-Profiles
Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.
Hunt-Sleeping-Beacons
Aims to identify sleeping beacons
KaynStrike
UDRL for CS
Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
RemoteKrbRelay
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Evilginx-Phishing-Infra-Setup
Evilginx Phishing Engagement Infrastructure Setup Guide
RedCommander
Red Team C2 Infrastructure built in AWS using Ansible!
asm_tutorial
Code samples for the Understanding Windows x64 Assembly tutorial.
Packer_Development
Slides & Code snippets for a workshop held @ x33fcon 2024
CreateRemoteThreadPlus
CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.
CTF-browser-challenges
Collection of browser challenges
EXP-401-OSEE
A bunch of resources to prepare for the OSEE certification, Offensive Security's hardest course.
UAC-Bypass
UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.
mystique-self-injection
An improvement and a different approach to Mockingjay Self-Injection.
ModifyExports
Research of modifying exported function names at runtime (C/C++, Windows)