bhassani's repositories
CallbackHell
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
StopDefender
Stop Windows Defender programmatically
2022-01-14-malware-injection-13
Code injection via ZwCreateSection and ZwUnmapViewOfSection. C++ example
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.
bloodyAD
BloodyAD is an Active Directory Privilege Escalation Framework
CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j remote code execution
CVE-2022-21883
win32k LPE
DriverAnalyzer
A static analysis tool that helps security researchers scan a list of Windows kernel drivers for common driver vulnerability patterns (CVE makers!)
DriverBuddyReloaded
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
FileInsight-plugins
FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis
FunctionStomping
A new shellcode injection technique. Provided as a C++ header or a standalone Rust program.
injdrv
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APCs
JNDI-Exploit-Kit
JNDI-Exploitation-Kit (a modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP server, RMI server and LDAP server to exploit Java web apps vulnerable to JNDI injection)
KernelBypassSharp
C# Kernel Mode Driver to read and write memory in protected processes
L4sh
Log4Shell RCE exploit: a fully independent exploit that does not require any third-party binaries.
log4jpwn
Log4j RCE test environment
Log4Shell
Check, exploit, obfuscate, TLS and ACME support for the log4j2 vulnerability in one Go program.
MalMemDetect
Detect strange memory regions and DLLs
NamedPipe-NotPetya
Emulate NotPetya NamedPipe "server"
PowerRemoteDesktop
Remote Desktop entirely coded in PowerShell.
ProxyDLLExample
code for the Proxy DLL example blog post
pycobalt
Cobalt Strike Python API
ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payloads (EDR/AV evasion)
Shellcode_Memory_Loader
A shellcode in-memory loader written in Go. It implements three ways of loading shellcode in memory (UUID loading, MAC-address loading and IPv4-address loading) and currently bypasses mainstream antivirus products (including Windows Defender).
TurokLoader
A sophisticated ransomware loader similar to Locky, Conti, Emotet and Ryuk
Unhook-Import-Address-Table
Piece of code to detect and remove hooks in the IAT