an0x03e8's repositories
Alaris
A protective and low-level shellcode loader that defeats modern EDR systems.
Bin-Finder
Detect EDRs' exceptions by inspecting processes' loaded modules
CLRInjector
A PoC .NET-specific process injection tool
Cobalt-Strike-Profiles-for-EDR-Evasion
Cobalt Strike Profiles for EDR Evasion
EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
go-secdump
Tool to remotely dump secrets from the Windows registry
InjectKit
Modified versions of the Cobalt Strike Process Injection Kit
LdrLockLiberator
For when DLLMain is the only way
LetMeowIn
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
no-defender
A slightly more fun way to disable Windows Defender + firewall (through the WSC API).
perfect-dll-proxy
Perfect DLL Proxying using forwards with absolute paths.
PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
Rubeus
Trying to tame the three-headed dog.
Rust-for-Malware-Development
This repository contains my complete resources and coding practices for malware development using Rust 🦀.
RustRedOps
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language.
Shelter
ROP-based sleep obfuscation to evade memory scanners
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
TeamsPhisher
Send phishing messages and attachments to Microsoft Teams users
Unwinder
Another approach to thread stack spoofing.
windows-vs-linux-loader-architecture
Side-by-side comparison of the Windows and Linux (GNU) Loaders
xfsc
eXtensions for Financial Services (XFS) proof of concept client to explore and issue commands directly to the devices that support the protocol. Force ATMs to dispense cash if you have code execution on them.