Processus (ProcessusT)

Company: Les tutos de Processus

Location: Reims, France

Home Page: https://processus.site

Twitter: @ProcessusT

Processus's repositories

HEKATOMB

Hekatomb is a Python script that connects to an LDAP directory to retrieve all computer and user information. Then it downloads all DPAPI blobs of all users from all computers and uses the domain backup keys to decrypt them.

Language: Python | License: GPL-3.0 | Stargazers: 447 | Issues: 12 | Issues: 8

ETWMonitor

Windows notifier tool that detects suspicious connections by monitoring ETW event logs

Venoma

Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

PsNotifRoutineUnloader

This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection

Language: C++ | Stargazers: 62 | Issues: 3 | Issues: 0

UnhookingDLL

This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hollowing

vulnspy

VULNSPY regularly retrieves the latest alerts published by CERT-FR and the related vulnerabilities with their CVSS scores, and allows you to be notified by email or by Discord if a defined threshold is exceeded

Language: Python | License: GPL-3.0 | Stargazers: 35 | Issues: 1 | Issues: 1

SharpVenoma

CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution

Language: C# | Stargazers: 31 | Issues: 1 | Issues: 0

Bypass-AV-DirectSyscalls

Scripts to bypass Windows Defender antivirus protection using the Direct Syscalls technique, with injection of a shellcode previously obfuscated with an XOR function.

CobaltStrikeBypassDefender

A launcher to load a DLL with XORed Cobalt Strike shellcode executed in memory through the process hollowing technique

EnumSSN

Enumerate SSNs (System Service Numbers, or syscall IDs) and the syscall instruction address in the ntdll module by parsing the PEB of the current process

Language: C++ | Stargazers: 19 | Issues: 2 | Issues: 0

La-Gamelle

All the stuff used in the Tutos: the shellcodes, the templates, the notes...

Language: Python | Stargazers: 13 | Issues: 4 | Issues: 0

RemClip

RemClip is a C# project that allows stealing user clipboard data and sending it to a remote web server under attacker control

Language: PHP | License: GPL-3.0 | Stargazers: 12 | Issues: 2 | Issues: 2

DetectEsetHooks

Tool to enumerate ESET hooked functions by parsing the ebehmoni.dll module

Language: C++ | Stargazers: 8 | Issues: 1 | Issues: 0

MikNet

Autonomous red team implementation allowing sound capture and broadcast through an untraceable front-end server to the attacker's station

License: GPL-3.0 | Stargazers: 7 | Issues: 1 | Issues: 0

PayloadsAllTheThings

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

Language: Python | License: MIT | Stargazers: 4 | Issues: 0 | Issues: 0

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading research and news.

Language: Python | License: NOASSERTION | Stargazers: 3 | Issues: 0 | Issues: 0

IndirectSyscalls

A custom reimplementation of indirect syscalls without the use of GetModuleHandleA and GetProcAddress

Language: C++ | Stargazers: 3 | Issues: 1 | Issues: 0

AD-USERS-ENUM

Enumerate all users and their SIDs from LDAP

Language: Python | Stargazers: 2 | Issues: 2 | Issues: 0

invit-bomber

Python script for sending LinkedIn invitations in bulk

Language: Python | Stargazers: 2 | Issues: 1 | Issues: 0

Araneus

Not really sure yet, we'll see

Language: Python | Stargazers: 1 | Issues: 1 | Issues: 0

CodeCaveInjection

Test of shellcode injection into a 64-bit PE file

Language: C++ | Stargazers: 1 | Issues: 2 | Issues: 0

Crowdsec_to_MISP

Simple Python script to extract suspicious IPs from the Crowdsec SQLite database and inject them into your MISP

Language: Python | Stargazers: 1 | Issues: 3 | Issues: 0

ESEDHOUND

ESEDHOUND is a Python script that extracts the datatable from the ntds.dit file to retrieve users, computers and groups. The goal is to send all the info into BloodHound to help incident responders identify AD objects.

Language: Python | License: GPL-3.0 | Stargazers: 1 | Issues: 1 | Issues: 0

Killer

Killer is a tool created to evade AVs and EDRs or other security tools.

Language: C++ | Stargazers: 1 | Issues: 0 | Issues: 0

libesedb

Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.

Language: C | License: LGPL-3.0 | Stargazers: 1 | Issues: 0 | Issues: 0

blackarch

An Arch Linux based distribution for penetration testers and security researchers.

Language: Shell | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

Exegol-images

Docker images of the Exegol project

Language: Shell | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

Language: PowerShell | Stargazers: 0 | Issues: 1 | Issues: 0

impacket

Impacket is a collection of Python classes for working with network protocols.

Language: Python | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0