KuNgia09's repositories
StopDefender
Stop Windows Defender programmatically
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AMSI-Unchained
Unchain AMSI by patching the provider’s unmonitored memory space
AtomicSyscall
Tools and PoCs for Windows syscall investigation.
AtomPePacker
A highly capable PE packer
CheekyBlinder
Enumerating and removing kernel callbacks using signed vulnerable drivers
D1rkSleep
Improved version of Ekko by @5pider that encrypts only image sections
DumpThatLSASS
Dumps LSASS by unhooking MiniDumpWriteDump, using a fresh copy of DbgHelp.dll loaded from disk, with function and string obfuscation. It also contains an anti-sandbox check; if you run it inside a low-performance virtual machine, you need to uncomment the code related to that check and recompile.
Extracted_WD_VDM
Windows Defender VDM Lua collections
Forensia
Anti-forensics tool for red teamers, used for erasing footprints in the post-exploitation phase.
go_parser
Yet Another Golang binary parser for IDAPro
Havoc
The Havoc Framework
kdmapper
KDMapper is a simple tool that exploits the Intel iqvw64e.sys driver to manually map unsigned drivers into memory
KernelSU
A Kernel based root solution for Android
ObfLoader
MAC, IPv4 and UUID shellcode loaders and obfuscators: the shellcode is encoded as MAC-address, IPv4-address or UUID strings, and the loader uses native APIs to convert those strings back to their binary form before loading it.
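The encoding ObfLoader describes, as an added example that is not ObfLoader's own code: a byte buffer is split into 4-, 6- or 16-byte blocks and printed as IPv4, MAC or UUID strings, then parsed back. The decoders here use portable sscanf parsing so the block runs anywhere; ObfLoader itself hands the strings to native Windows APIs (RtlIpv4StringToAddressA, RtlEthernetStringToAddressA, UuidFromStringA) for the same conversion. The SAMPLE bytes are a constructed placeholder, not a payload, and are never executed; padding the last partial block with 0x90 is an assumption made here, as are all function names.

```c
/* Added example (not ObfLoader's own code): round-trips bytes through the IPv4,
 * MAC and UUID string forms ObfLoader uses to hide shellcode. Decoding here is
 * portable sscanf parsing; ObfLoader instead hands the strings to native Windows
 * APIs (RtlIpv4StringToAddressA, RtlEthernetStringToAddressA, UuidFromStringA).
 * SAMPLE is a constructed placeholder, not a payload, and is never executed.
 * Padding the last partial block with 0x90 is an assumption made here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { OBF_IPV4 = 4, OBF_MAC = 6, OBF_UUID = 16 } obf_t; /* bytes per string */
#define OBF_STR 37   /* longest form (36-char UUID) plus NUL */
#define OBF_PAD 0x90 /* x86 NOP filler for the final partial block (assumed) */

/* UUID text mirrors the in-memory GUID: Data1 (u32) and Data2/Data3 (u16) are
 * little-endian, so their hex is byte-reversed; Data4 is byte-for-byte. That is
 * why UuidFromStringA yields the original 16 bytes verbatim inside the struct. */
static void block_to_str(obf_t t, const uint8_t *b, char out[OBF_STR])
{
    if (t == OBF_IPV4)
        snprintf(out, OBF_STR, "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);
    else if (t == OBF_MAC)
        snprintf(out, OBF_STR, "%02X-%02X-%02X-%02X-%02X-%02X",
                 b[0], b[1], b[2], b[3], b[4], b[5]);
    else
        snprintf(out, OBF_STR,
            "%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X",
            b[3], b[2], b[1], b[0], b[5], b[4], b[7], b[6],
            b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
}

/* Returns 1 on success; 0 on wrong field count, octet > 255, or trailing junk
 * (the extra %c only matches if something follows the last field). */
static int str_to_block(obf_t t, const char *s, uint8_t *b)
{
    unsigned v[16]; char tail; int got;
    if (t == OBF_IPV4)
        got = sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &tail);
    else if (t == OBF_MAC)
        got = sscanf(s, "%2x-%2x-%2x-%2x-%2x-%2x%c",
                     &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail);
    else
        got = sscanf(s, "%2x%2x%2x%2x-%2x%2x-%2x%2x-%2x%2x-%2x%2x%2x%2x%2x%2x%c",
                     &v[3], &v[2], &v[1], &v[0], &v[5], &v[4], &v[7], &v[6], &v[8],
                     &v[9], &v[10], &v[11], &v[12], &v[13], &v[14], &v[15], &tail);
    if (got != (int)t) return 0;
    for (int i = 0; i < (int)t; i++) {
        if (v[i] > 255) return 0;
        b[i] = (uint8_t)v[i];
    }
    return 1;
}

/* Encode len bytes; pads the last block with OBF_PAD. Returns string count, 0 if out is too small. */
size_t obf_encode(obf_t t, const uint8_t *buf, size_t len, char out[][OBF_STR], size_t max_out)
{
    size_t bs = t, n = (len + bs - 1) / bs;
    if (n == 0 || n > max_out) return 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t blk[16];
        size_t off = i * bs, take = len - off < bs ? len - off : bs;
        memset(blk, OBF_PAD, sizeof blk);
        memcpy(blk, buf + off, take);
        block_to_str(t, blk, out[i]);
    }
    return n;
}

/* Decode n strings; returns bytes written, 0 if any string is malformed or out is too small. */
size_t obf_decode(obf_t t, char in[][OBF_STR], size_t n, uint8_t *out, size_t max_out)
{
    size_t bs = t;
    if (n * bs > max_out) return 0;
    for (size_t i = 0; i < n; i++)
        if (!str_to_block(t, in[i], out + i * bs)) return 0;
    return n * bs;
}

static const uint8_t SAMPLE[] = {0x31,0xC0,0x50,0x68,0x63,0x61,0x6C,0x63,0x54,0x59}; /* constructed */

/* String idx of the encoded SAMPLE (static storage), or NULL past the end. */
const char *sample_encoded(obf_t t, size_t idx)
{
    static char strs[8][OBF_STR];
    size_t n = obf_encode(t, SAMPLE, sizeof SAMPLE, strs, 8);
    return idx < n ? strs[idx] : NULL;
}

/* 1 if encode->decode reproduces SAMPLE followed only by OBF_PAD bytes. */
int roundtrip_ok(obf_t t)
{
    char strs[8][OBF_STR]; uint8_t back[8 * 16];
    size_t n = obf_encode(t, SAMPLE, sizeof SAMPLE, strs, 8);
    size_t got = obf_decode(t, strs, n, back, sizeof back);
    if (got < sizeof SAMPLE || memcmp(back, SAMPLE, sizeof SAMPLE) != 0) return 0;
    for (size_t i = sizeof SAMPLE; i < got; i++)
        if (back[i] != OBF_PAD) return 0;
    return 1;
}

/* 1 if trailing junk, an out-of-range octet and a truncated UUID are all rejected. */
int rejects_malformed(void)
{
    char junk[1][OBF_STR] = {"49.192.80.104x"}, big[1][OBF_STR] = {"49.999.80.104"},
         shrt[1][OBF_STR] = {"6850C031-6163-636C-5459-9090909090"};
    uint8_t out[16];
    return !obf_decode(OBF_IPV4, junk, 1, out, 16) && !obf_decode(OBF_IPV4, big, 1, out, 16)
        && !obf_decode(OBF_UUID, shrt, 1, out, 16);
}
```

Calling `sample_encoded(OBF_IPV4, 0)` yields "49.192.80.104" and `sample_encoded(OBF_UUID, 0)` yields "6850C031-6163-636C-5459-909090909090"; note the byte reversal in the first three UUID groups, which is what makes the GUID struct's memory image equal the original bytes. The strict decoders matter on the loader side too: a string that the native API rejects leaves a hole in the reconstructed buffer, so a loader should check every conversion's return value rather than assume the text is intact.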
PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
SharpDPAPI
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
sliver
Adversary Emulation Framework
sshd_backdoor
A malicious watchdog for the /root/.ssh/authorized_keys file, implemented with an eBPF tracepoint hook.
TangledWinExec
C# PoCs for investigation of Windows process execution techniques
vbSparkle
VBScript & VBA source-to-source deobfuscator with partial-evaluation
Villain
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.