Jean-Francois-C

Location: France

Jean-Francois-C's starred repositories

pe_to_shellcode

Converts PE into a shellcode

Language: C++ | License: BSD-2-Clause | Stargazers: 2318 | Issues: 0

packer-tutorial

A tutorial on how to write a packer for Windows!

Language: C | License: Apache-2.0 | Stargazers: 234 | Issues: 0

AtomLdr

A DLL loader with advanced evasive features

Language: C | License: Apache-2.0 | Stargazers: 636 | Issues: 0

SharpReflectivePEInjection

Reflectively load and execute PEs locally and remotely, bypassing EDR hooks

Language: C# | Stargazers: 147 | Issues: 0

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Language: C++ | License: BSD-3-Clause | Stargazers: 891 | Issues: 0

AtlasLdr

Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

Language: C++ | Stargazers: 344 | Issues: 0

HellgateLoader_CSharp

Load shellcode via HELLGATE. A rewrite of Hellgate in the .NET Framework for learning purposes.

Language: C# | Stargazers: 16 | Issues: 0

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Language: PowerShell | License: Apache-2.0 | Stargazers: 6868 | Issues: 0

Language: C# | License: Apache-2.0 | Stargazers: 718 | Issues: 0

LatLoader

PoC module to demonstrate automated lateral movement with the Havoc C2 framework.

Language: C++ | License: GPL-3.0 | Stargazers: 261 | Issues: 0

Shhhloader

Syscall Shellcode Loader (Work in Progress)

Language: Python | License: GPL-3.0 | Stargazers: 1096 | Issues: 0

Boomerang

Boomerang is a tool to expose multiple internal servers to the web/cloud. Agent and server are pretty stable and can be used in red team engagements for multiple levels of pivoting and for exposing multiple internal services to external/other networks.

Language: Go | License: LGPL-2.1 | Stargazers: 217 | Issues: 0

CarbonCopy

A tool which creates a spoofed certificate of any online website and signs an executable for AV evasion. Works for both Windows and Linux.

Language: Python | License: Apache-2.0 | Stargazers: 1286 | Issues: 0

SharpEDRChecker

Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, and installed drivers and each driver's metadata, all for the presence of known defensive products such as AVs, EDRs and logging tools.

Language: C# | License: BSD-3-Clause | Stargazers: 674 | Issues: 0

Invoke-EDRChecker

Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.

Language: PowerShell | License: BSD-3-Clause | Stargazers: 232 | Issues: 0

HellHall

Performing Indirect Clean Syscalls

Language: C | Stargazers: 445 | Issues: 0

Hooka

Evasive shellcode loader, hooks detector and more

Language: Go | License: MIT | Stargazers: 201 | Issues: 0

AntiCrack-DotNet

C# project containing plenty of advanced anti-debugging, anti-virtualization, anti-DLL-injection and anti-hooking techniques.

Language: C# | License: MIT | Stargazers: 233 | Issues: 0

Language: C | Stargazers: 290 | Issues: 0

Dirty-Vanity

A PoC for the new injection technique abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

Language: C | Stargazers: 612 | Issues: 0

ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

Stargazers: 233 | Issues: 0

SharPyShell

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

Language: Python | License: GPL-3.0 | Stargazers: 888 | Issues: 0

Altman

The cross-platform webshell tool in .NET

Language: C# | License: NOASSERTION | Stargazers: 538 | Issues: 0

invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.

Language: PowerShell | License: MIT | Stargazers: 809 | Issues: 0

Windows_LPE_AFD_CVE-2023-21768

LPE exploit for CVE-2023-21768

Language: C | Stargazers: 469 | Issues: 0

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Language: C | License: MIT | Stargazers: 315 | Issues: 0

CoercedPotato

A Windows potato to privesc

Language: C | Stargazers: 308 | Issues: 0

nanorobeus

COFF file (BOF) for managing Kerberos tickets.

Language: C | Stargazers: 275 | Issues: 0

weevely3

Weaponized web shell

Language: Python | License: GPL-3.0 | Stargazers: 3146 | Issues: 0

EDRSilencer

A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Language: C | License: MIT | Stargazers: 1039 | Issues: 0