BOBO's repositories
COM-Hunter
COM Hijacking VOODOO
Blackhat-USA-2022-Materials
Presentation materials for my Black Hat USA 2022 Briefing and Arsenal talks
CallMeWin32kDriver
Load your driver like win32k.sys
Cronos-Rootkit
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
CSAgent
Universal CobaltStrike 4.x freeloading (cracked) and Chinese-localization loader
DCSec
Domain controller security, one for all
DeathSleep
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
difuze
Fuzzer for Linux Kernel Drivers
Havoc
The Havoc Framework
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
katana
A next-generation crawling and spidering framework.
KernelCallbackTable-Injection
Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
KPPL
Kill Protected Process Light Process (include av)
llvm-msvc-build
Build llvm-msvc
llvmanalyzer
On top of retdec, an open-source decompiler built on the LLVM compiler architecture, the author integrated the klee symbolic execution tool. By using the symbolic execution engine to dynamically simulate the decompiled LLVM IR (intermediate representation) and run the source program, it instruments every offset reference to the this-pointer struct (i.e., the rcx register, referred to as the this struct) made by x86 thiscall-type functions, analyzes and aggregates them to automatically identify the concrete contents of the this struct, and automatically imports the result into IDA to assist analysis.
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
one-last-image
🧸「One Last Image」Louvre generator - One Last Kiss cover-style generator
open-vm-tools
Official repository of VMware open-vm-tools project
PDBRipper
PDBRipper is a utility for extracting information from PDB files.
PeNet
Portable Executable (PE) library written in .Net
rp
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
spring-spel-0day-poc
spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP
WeChatFerry
WeChat reverse engineering. Hooks WeChat, passing messages between an agent and WeChat.
windows-coerced-authentication-methods
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.