KuNgia09's starred repositories
DccwBypassUAC
Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
SspiUacBypass
Bypassing UAC with SSPI Datagram Contexts
Villain
Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Twitter-Block-Porn
Shared blocklist: block all porn-spam scammers with one click. Block scammers who send fake porn comments, and help you improve your experience using Twitter.
process-cloning
The Definitive Guide To Process Cloning on Windows
Dirty-Vanity
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
CallBackDump
Tool for dumping the lsass process
RestrictedAdmin
Remotely enables Restricted Admin Mode
pywintrace
ETW Python Library
VMUnprotect
VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect.
AMSI-Unchained
Unchain AMSI by patching the provider’s unmonitored memory space
ListRDPConnections
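C# tool that reads this host's outbound RDP connection records and other hosts' connection records to this host, in order to obtain more information on reachable internal network segments and locate operations and administrator hosts during internal network penetration testing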
Amsi_Bypass_In_2023
Amsi Bypass payload that works on Windows 11
GadgetToJScript
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
adduserbysamr-bof
Cobalt Strike BOF that adds a user to localgroup by samr
PowerShell-Suite
My musings with PowerShell
p0wnedShell
PowerShell Runspace Post Exploitation Toolkit
DeepL-Crack
Bypass 5,000 characters, Remove edit restriction, Use DeepL Pro Account Cookies/DeepL Api Free Token to translate, Unlock Formal/informal tone, Randomize fingerprint
Amsi-Bypass-Powershell
This repo contains some Amsi Bypass methods I found on different Blog Posts.