Jean-Francois-C's starred repositories
pe_to_shellcode
Converts PE into a shellcode
packer-tutorial
A tutorial on how to write a packer for Windows!
SharpReflectivePEInjection
reflectively load and execute PEs locally and remotely bypassing EDR hooks
HellgateLoader_CSharp
Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
Shhhloader
Syscall Shellcode Loader (Work in Progress)
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
SharpEDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
Invoke-EDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AV's, EDR's and logging tools.
AntiCrack-DotNet
C# Project contains a plenty of Advanced Anti-Debugging, Anti-Virtualization, Anti Dll-Injection and Anti-Hooking Techniques.
Dirty-Vanity
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
SharPyShell
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
CoercedPotato
A Windows potato to privesc
nanorobeus
COFF file (BOF) for managing Kerberos tickets.
EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.