Keobjames's repositories
AtlasC2
C# C2 Framework centered around Stage 1 operations
awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
code_injection
Implementation of several code injection techniques.
command
Quick reference of commonly used red team commands
Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
delete-self-poc
A way to delete a locked file, or current running executable, on disk.
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
FilelessPELoader
Loads a remote AES-encrypted PE into memory, decrypts it, and runs it
Khepri
Free, open-source, cross-platform agent and post-exploitation tool written in Golang and C++.
CVE-2023-35829-poc
CVE-2023-35829 Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Disable-TamperProtection
A POC to disable TamperProtection and other Defender / MDE components
ebpf-for-windows
eBPF implementation that runs on top of Windows
Heroinn
A cross platform C2/post-exploitation framework.
InjectTools
A tool integrating DLL Ring0 injection, APC injection, thread hijacking, mapping injection, and self-privilege-escalation
Jlaive_Crypter
🔰 Crypter 100% FUD AntiVirus Evasion | AES-256, XOR Bit Encryption
Limelighter
A tool for generating fake code signing certificates or signing real ones
LinuxTQ
"Linux Privilege Escalation Tools and Methodology"
Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
NiceKatz
A nice process dumping tool
o365spray
Username enumeration and password spraying tool aimed at Microsoft O365.
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
Seatbelt
Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
ServiceMove-BOF
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
StopDefender
Stop Windows Defender programmatically
TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
WebShell-Bypass-Guide
A guide to learning webshell anti-virus evasion from scratch