RunOnceEx's repositories
apache-rootkit
A malicious Apache module with rootkit functionality
DBC2
DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine, a controller running on any machine, PowerShell modules, and Dropbox servers as the means of communication.
DNS-C2
DNS-Persist is a post-exploitation agent which uses DNS for command and control
EventCleaner
A tool mainly to erase specified records from Windows event logs, with additional functionalities.
external_c2_framework
Python api for usage with cobalt strike's External C2 specification
Hooking-via-InstrumentationCallback
code for my blog post: https://secrary.com/Random/InstrumentationCallback/
jdbc-backdoor
A fake JDBC driver that allows OS command execution.
jellyfish
GPU rootkit PoC by Team Jellyfish
MSSQL-Fileless-Rootkit-WarSQLKit
As you know, I have been working on MSSQL for a long time. In this post I will cover a topic I have been working on for a long time: the MSSQL rootkit. As you know, the vast majority of post-exploitation techniques described for MS-SQL so far rely on the "xp_cmdshell" and "sp_OACreate" stored procedures. But if we have taken over the "sa" account of an MSSQL server where the xp_cmdshell and sp_OACreate stored procedures are not available, are we going to give up on getting into that system? Of course we must not give up. This article was written with a scenario in mind in which the "sa" account has been captured and none of the procedures such as "xp_cmdshell", "sp_OACreate", "sp_OAMethod", etc. work.
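As an added example (not code from the WarSQLKit repository or from the article it summarizes), the T-SQL triage a practitioner would run first when landing on an instance as "sa": it checks whether the usual command-execution paths are merely switched off in the server configuration or are absent altogether, which is the situation the description above assumes. It uses only the documented sys.configurations and sys.all_objects catalog views; no WarSQLKit objects are referenced.

```sql
-- Added example, not part of WarSQLKit. Run as the compromised "sa" login.

-- 1. Are we really sysadmin? Everything below assumes we are.
SELECT SUSER_SNAME()              AS login_name,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- 2. Server-level switches that gate the classic execution primitives.
--    xp_cmdshell             -> xp_cmdshell
--    Ole Automation Procedures -> sp_OACreate / sp_OAMethod / sp_OADestroy
--    clr enabled             -> user-defined CLR assemblies
--    show advanced options   -> needed before the above can be reconfigured
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name IN ('xp_cmdshell',
                'Ole Automation Procedures',
                'clr enabled',
                'show advanced options')
ORDER  BY name;

-- 3. A disabled procedure can be re-enabled with sp_configure; a dropped one
--    cannot. Check whether the objects still exist in master at all, which is
--    what distinguishes the "none of them work" scenario from a simple
--    configuration change.
SELECT name, type_desc
FROM   master.sys.all_objects
WHERE  name IN ('xp_cmdshell', 'sp_OACreate', 'sp_OAMethod', 'sp_OADestroy')
ORDER  BY name;
```

If the second query shows a value of 0 and the third still lists the objects, the procedures are only disabled. If the objects are missing from master (or execute permission on them has been revoked from the public role and the instance is otherwise locked down), that is the hardened case the article is written for, and the next step has to avoid those procedures entirely rather than try to switch them back on.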
MyHousekeeper
A PC housekeeper that can detect and remove malware based on different virus signatures.
NetworkSocket
NetworkSocket is a communication framework with SSL-secured transport that extends communication protocols through middleware and extends server functionality through plugins; it currently supports HTTP, WebSocket, fast, the Flex policy protocol and the Silverlight policy protocol.
nt4
Windows NT4 source code
OSCE
Collection of things made during my preparation to take on OSCE
OSCE-1
Some exploits, which I’ve created during my OSCE preparation.
PESecurity
PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
redsnarf
RedSnarf is a pen-testing / red-teaming tool for Windows environments
SharpWeb
.NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
shellcode-example
Windows shellcode example
sniffMK
sniff mouse and keyboard events
SuperVirus
Project aimed at creating a malware able to evolve and adapt to the various host machines through metamorphic modifications, spontaneous mutations, code imitation and DNA programming to enable/disable functionalities
UncoverDCShadow
A PowerShell utility to dynamically uncover a DCShadow attack
Veracrypt-Password-Extractor
A proof-of-concept DLL that prints out the password a user enters into Veracrypt while decrypting a volume.
WinPIT
Windows Process Injection Toolkit - plain and simple :)