ashr's repositories
apache-log4j-poc
Apache Log4j remote code execution
BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
binlex
A Binary Genetic Traits Lexer
CVE-2021-40444
CVE-2021-40444 PoC
CVE-2022-0185
CVE-2022-0185
CVE-2022-21882
win32k LPE
CVE-2022-21907
Windows HTTP protocol stack remote code execution vulnerability CVE-2022-21907
ExternalC2.NET
.NET implementation of Cobalt Strike's External C2 Spec
EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
HellsGateNim
A quick example of the Hells Gate technique in Nim
HTTPS_CSharp_Server
Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C# xref. `https://www.codeproject.com/Articles/93301/Implementing-a-Multithreaded-HTTP-HTTPS-Debugging`
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
JNDIExploit
A malicious LDAP server for JNDI injection attacks
linux
Linux kernel source tree
Logout4Shell
Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
mal_unpack_drv
MalUnpack companion driver
malicious-pdf
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator
noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
RCE-0-day-for-GhostScript-9.50
RCE 0-day for GhostScript 9.50 - Payload generator
redirector
Safe Redirector
RustSCRunner
Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library
Slayer
Slayer
StopDefender
Stop Windows Defender programmatically
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
vx
Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposes.
VXUG-Papers
Research code & papers from members of vx-underground.
ZipExec
A unique technique to execute binaries from a password protected zip