ethicalhax's repositories
Probatorum-EDR-Userland-Hook-Checker
Project to check which Nt/Zw functions your local EDR is hooking
DoppelGate
DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userland Hooking.
String_Spy
String Spy is a project aimed at improving macOS/Linux defenses. It allows users to constantly monitor all running processes for user-defined strings, and if it detects a process with such a string it will log the PID, process path, and user running the process. It will also (optionally) kill the process.
modified-tcc-clickjack
Modified version of Ron Masas's TCC-Clickjack Swift project.
Guard_Comms
C2 Guard Comms codebase built on guard pages.
Silent_Chrome
This code shows how to silently install Web Store extensions in Google Chrome on macOS.
Generate_DLLProxy_Header
Basic script to generate proxy DLL headers for side-loading tests; will likely be tidied up later.
ShellcodeFluctuation
An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents
SleepyCrypt
A shellcode function to encrypt a running process image when sleeping.
AceLdr
Cobalt Strike UDRL for memory scanner evasion.
ANGRYORCHARD
A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
FOLIAGE
Experiment in reproducing Obfuscate & Sleep.
Stardust
A modern 64-bit position independent implant template
TCC-ClickJacking
A proof of concept for a clickjacking attack on macOS.
TitanLdr
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH.