RunOnceEx

User data from Github https://github.com/RunOnceEx

followers

following

stars

Deep forest

RunOnceEx's repositories

1earn

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Language:C++000

AlternativeShellcodeExec

Alternative Shellcode Execution Via Callbacks

Language:C++000

Antivirus-Artifacts

Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.

000

Beacon

Open Source Cobalt Strike Beacon. Unreleased, in research stages.

Language:Python000

bypass-av-note

免杀技术大杂烩---乱拳打死老师傅

000

COFFInjector

PoC MSVC COFF Object file loader/injector.

Language:C++000

ConPtyShell

ConPtyShell - Fully Interactive Reverse Shell for Windows

Language:PowerShellMIT000

DoppelGate

DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userland Hooking.

Language:C++NOASSERTION000

HookDump

Security product hook detection

Language:C++GPL-3.0010

inline_syscall

Inline syscalls made easy for windows on clang

Language:C++Apache-2.0000

kopycat

Linux Kernel module-less implant (backdoor)

Language:C000

link

link is a command and control framework written in rust

Language:RustAGPL-3.0000

LsassSilentProcessExit

Command line interface to dump LSASS memory to disk via SilentProcessExit

Language:C++000

memexec

A library for loading and executing PE (Portable Executable) from memory without ever touching the disk

Language:RustGPL-3.0000

memlib-rs

A cross platform memory hacking library written in Rust aimed at cheat development.

Language:RustMIT000

min-sized-rust

🦀 How to minimize Rust binary size 📦

Language:RustMIT010

OffensiveNim

My experiments in weaponizing Nim (https://nim-lang.org/)

Language:NimBSD-2-Clause010

pfsense

Main repository for pfSense

Language:PHPApache-2.0000

PIC-Get-Privileges

Building and Executing Position Independent Shellcode from Object Files in Memory

Language:CMIT000

rootkit-arsenal-guacamole

An attempt to restore and adapt to modern Win10 version the Rootkit Arsenal original code sampls

Language:C000

rs-winapi2

Microsoft Windows user-mode API access with clean Rust types.

Language:RustMIT000

rust-windows-shellcode

Windows shellcode development in Rust

Language:Rust000

shieldwall

zero-trust remote firewall instrumentation

Language:GoNOASSERTION000

sn0int

Semi-automatic OSINT framework and package manager

Language:RustGPL-3.0000

trevorc2

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

Language:CNOASSERTION010

unhook-bof

Remove API hooks from a Beacon process.

Language:CBSD-3-Clause000

UnhookMe

UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red Teams malware

Language:C++000

weblogic_cmd_plus

weblogic full vulnerability exploit tool, support T3/XMLDecoder vulnerability scanning .

000

WhiteBeam

WhiteBeam: Transparent endpoint security

Language:RustNOASSERTION010

wsb-detect

wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")

Language:CMIT000