Yeah9782's repositories
CallstackSpoofingPOC
C++ self-injecting dropper based on various EDR evasion techniques.
httpworker-resident-loader
A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only.
AtlasLdr
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
rengine
reNgine is an automated reconnaissance framework for web
llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit.
BobTheSmuggler
"Bob the Smuggler": A tool that leverages the HTML Smuggling attack and lets you create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into a 7z/zip archive, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (an image polyglot).
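The pipeline described above, reduced to its file-format mechanics, and the check a defender would run against it. This is an added example, not code from BobTheSmuggler: it builds a constructed 1x1 PNG, appends an XOR-encrypted zip after the IEND chunk (the page does not state the key length BobTheSmuggler uses, so a single-byte key is assumed here), and then shows why the trick is detectable: a PNG reader stops at IEND, so any bytes after it are an overlay, and a single-byte XOR over a zip can be recovered by brute force because the first bytes of a zip local file header are always `PK\x03\x04`.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG; any viewer renders it and stops at IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # w, h, depth, colour type 0, ...
    raw_scanline = b"\x00\x00"  # filter byte 0 + one grey pixel
    return (PNG_SIG
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw_scanline))
            + _chunk(b"IEND", b""))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_polyglot(payload_name: str, payload: bytes, key: bytes) -> bytes:
    """Mimic the described pipeline: zip the payload, XOR the archive, append it after IEND.

    The result is still a valid PNG; the archive rides along as trailing data.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(payload_name, payload)
    return minimal_png() + xor_bytes(buf.getvalue(), key)


def png_overlay(data: bytes) -> bytes:
    """Defender side: walk the chunk list and return whatever follows IEND (b'' if clean)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk")


def recover_single_byte_xor_zip(overlay: bytes):
    """Try all 256 single-byte keys; return (key, archive) when the plaintext is a zip header."""
    for k in range(256):
        candidate = xor_bytes(overlay, bytes([k]))
        if candidate.startswith(b"PK\x03\x04"):
            return k, candidate
    return None


def extract_payload(archive: bytes, name: str) -> bytes:
    """Read one member back out of a recovered archive."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    # Constructed sample: the "binary" is just a marker string, not a real PE.
    sample = build_polyglot("payload.bin", b"MZ constructed sample payload", b"\x5a")
    trailing = png_overlay(sample)
    print(f"{len(trailing)} bytes after IEND")
    found = recover_single_byte_xor_zip(trailing)
    if found:
        key, archive = found
        print(f"single-byte XOR key 0x{key:02x}; payload = {extract_payload(archive, 'payload.bin')!r}")
```

The overlay check is the part worth keeping: a PNG whose byte count exceeds the end of its IEND chunk is suspicious regardless of how the trailing data is encoded, and the same idea applies to GIF (data after the `0x3B` trailer). The brute-force step only works for a one-byte key; a longer key needs known-plaintext alignment against the zip header, which is left out here.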
RedTeamCCode
Red Team C code repo
elastic-container
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
Freeze
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
ThreadlessInject-C
This repository implements Threadless Injection in C
mortar
An evasion technique to defeat and divert the detection and prevention capabilities of security products (AV/EDR/XDR).
SmmBackdoorNg
Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
crystr
Compile-Time Strings and Numbers Encryption for C++20
crycall
Compile-Time Calls Obfuscator for C++14+
ollvm17
Obfuscation LLVM 17
NtlmThief
Extracting NetNTLM without touching lsass.exe
BokuLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
Kerbeus-BOF
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine, and more.
Inline-Execute-PE
Execute unmanaged Windows executables in CobaltStrike Beacons
LdrLibraryEx
A small x64 library to load DLLs into memory.
LdrLockLiberator
For when DllMain is the only way.
phook
Full DLL hooking (Phrack 65).
Win32_Offensive_Cheatsheet
Win32 and Kernel abusing techniques for pentesters
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book 《Windows APT Warfare:惡意程式前線戰術指南》 (Windows APT Warfare: A Front-Line Tactical Guide to Malware).
SharpKiller
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8