darko's starred repositories
edr-internals
Tools for analyzing EDR agents
seccomp-tools
Provide powerful tools for seccomp analysis
grpctunnel
gRPC Tunneling
easyseccomp
DSL language to write seccomp filters
IconJector
Unorthodox and stealthy way to inject a DLL into the explorer using icons
turtlefinder
reusable container engine discovery, not only for Edgeshark
CVE-2024-21111
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
Cave-Finder
Tool to find code caves in PE images (x86 / x64): locates empty space in a PE file where code can be placed
CrimsonEDR
Simulate the behavior of AV/EDR for malware development training.
Awesome-Cellular-Hacking
Awesome-Cellular-Hacking
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
impulse-xdr
Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
titanldr-ng
A newer iteration of TitanLdr with some newer hooks and design. A generic user-defined reflective DLL I built to prove a point to Mudge years ago.
oci-seccomp-bpf-hook
OCI hook to trace syscalls and generate a seccomp profile
CarbonCopy
A tool which creates a spoofed certificate for any online website and signs an executable with it for AV evasion. Works for both Windows and Linux.