N4kedTurtle's starred repositories

openedr

Open EDR public repository

Language: C++ | License: NOASSERTION | Stargazers: 2192 | Issues: 100 | Issues: 38

Awesome-RCE-techniques

Awesome list of step-by-step techniques to achieve Remote Code Execution on various apps!

KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).

C2-Tool-Collection

A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.

whids

Open Source EDR for Windows

Language: Go | License: AGPL-3.0 | Stargazers: 1075 | Issues: 44 | Issues: 130

ProtectMyTooling

Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.

Language: PowerShell | License: MIT | Stargazers: 829 | Issues: 26 | Issues: 5

counterfit

A CLI that provides a generic automation layer for assessing the security of ML models

Language: Python | License: MIT | Stargazers: 785 | Issues: 30 | Issues: 40

EvilSelenium

EvilSelenium is a tool that weaponizes Selenium to attack Chromium-based browsers.

Oh365UserFinder

Python3 O365 user enumeration tool

Language: Python | License: MIT | Stargazers: 504 | Issues: 11 | Issues: 4

Hunt-Sleeping-Beacons

Aims to identify sleeping beacons

PrivKit

PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.

Language: C | License: GPL-3.0 | Stargazers: 347 | Issues: 5 | Issues: 0

DeepSleep

A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC

Probatorum-EDR-Userland-Hook-Checker

Project to check which Nt/Zw functions your local EDR is hooking

Language: C++ | License: BSD-3-Clause | Stargazers: 179 | Issues: 6 | Issues: 0

Handly

Abuse leaked token handles.

Language: C# | License: Apache-2.0 | Stargazers: 129 | Issues: 2 | Issues: 0

LogonCredentialsSteal

Local and remote hook of msv1_0!SpAcceptCredentials in LSASS.exe that dumps DOMAIN/LOGIN/PASSWORD in cleartext to a text file.

Language: C++ | License: GPL-3.0 | Stargazers: 114 | Issues: 6 | Issues: 0

FuckThatSmuggler

Simple tool to perform HTML Smuggling.

Language: Python | Stargazers: 64 | Issues: 3 | Issues: 0

Code-Obfuscator

Code obfuscation via control-flow flattening

Language: C++ | Stargazers: 13 | Issues: 0 | Issues: 0

Lastenzug

SOCKS4a proxy leveraging PIC, WebSockets and static obfuscation at the assembly level

Language: Go | Stargazers: 2 | Issues: 0 | Issues: 0