Yeah9782's repositories
DrvMon
Advanced driver monitoring utility.
mmapper-rs
Rusty Manual Mapper
hde-mirro
Hacker Disassembler Engine - mirror
negativespoofer
PoC HWID spoofer that runs in EFI
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess)
CitrixSecureAccessAuthCookieDump
Dump the Citrix Secure Access auth cookie from process memory
HVNC
Standalone HVNC Client & Server | Coded in C++ (Modified Tinynuke)
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
MicroBackdoor
Small and convenient C2 tool for Windows targets
BeatRev
PoC for frustrating/defeating malware analysts
CSAgent
Universal CobaltStrike 4.x loader for unlicensed use, with Chinese localization
Tartocitron
Tartocitron is a repo to have fun with malware and the Rust language. This repo provides working examples of droppers written in Rust.
Cronos-Crypter
Cronos Crypter is a simple example of a crypter created for educational purposes.
KaynStrike
User-Defined Reflective Loader (URDL) for Cobalt Strike
DeepSleep
A variant of Gargoyle for x64 to hide memory artifacts using only ROP and position-independent code (PIC)
XLL_Phishing
XLL Phishing Tradecraft
PointerGuard
PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and prevent access from external processes.
KaynLdr
KaynLdr is a Reflective Loader written in C/ASM
PerunsFart
This is my own implementation of the Perun's Fart technique by Sektor7
RemotePatcher
Patch AMSI and ETW in a remote process via direct syscalls
InMemoryNET
Exploring in-memory execution of .NET
HackLikeALegend
Scripts featured in the book How to Hack Like a Legend
stong-BasteG0d69-Driver
CVE-2020-15368, aka "How to exploit a vulnerable driver"
InviZzzible
InviZzzible is a tool for assessing your virtual environments in an easy and reliable way. It contains the most recent and up-to-date detection and evasion techniques as well as fixes for them.
nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
qt-minimalistic-builds
Precompiled x64 Qt 5/6 library in minimalistic configuration for Windows.
MemoryModule
Library to load a DLL from memory.
SyscallPack
BOF and Shellcode for full DLL unhooking using dynamic syscalls
Venom5-HVNC-Rat
https://venomcontrol.com/