bigbrobro's repositories


Ares

Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique

License: GPL-3.0 | Stargazers: 0 | Issues: 0

BackupOperatorToDA

From a member of the Backup Operators group to Domain Admin, without RDP or WinRM on the Domain Controller

Stargazers: 0 | Issues: 0

BofAllTheThings

Creating a repository with all public Beacon Object Files (BoFs)

Stargazers: 0 | Issues: 0

DemoCode

Some code for demonstration

Language: Python | Stargazers: 0 | Issues: 0

ehids-agent

A Linux Host-based Intrusion Detection System based on eBPF.

License: AGPL-3.0 | Stargazers: 0 | Issues: 0

Elkeid-HUB

Elkeid HUB is a rule/event processing engine maintained by the Elkeid Team that supports streaming and offline data processing (offline mode is not yet supported by the community edition). It was created to handle complex data/event processing and integration with external systems through standardized rules.

License: NOASSERTION | Stargazers: 0 | Issues: 0

ESFang

ESF modular ingestion tool for development and research.

Language: Objective-C | Stargazers: 0 | Issues: 0

FalconFriday

Bi-weekly hunting queries

License: BSD-3-Clause | Stargazers: 0 | Issues: 0

FunctionStomping

A new shellcode injection technique, provided as a C++ header, a standalone Rust program, or a Rust library.

License: BSD-2-Clause | Stargazers: 0 | Issues: 0

godlp

A sensitive-information protection toolkit

License: MIT | Stargazers: 0 | Issues: 0

GoldenCopy

Copy the properties and groups of a user from Neo4j (BloodHound) to create an identical golden ticket.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

iMonitor

iMonitor (冰镜, an endpoint behavior analysis system)

License: AGPL-3.0 | Stargazers: 0 | Issues: 0

inject-assembly

Inject .NET assemblies into an existing process

License: GPL-3.0 | Stargazers: 0 | Issues: 0

iris-web

Incident Response collaborative platform

License: LGPL-3.0 | Stargazers: 0 | Issues: 0

Ivy

Ivy is a payload creation framework for executing arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by using programmatic access to the VBA object environment to load, decrypt and execute shellcode.

Language: Go | License: MIT | Stargazers: 0 | Issues: 0

KrbRelay

Framework for Kerberos relaying

Stargazers: 0 | Issues: 0

LdapSignCheck

Beacon Object File & C# project to check LDAP signing

Stargazers: 0 | Issues: 0

PackMyPayload

A PoC that packages payloads into output containers to evade the Mark-of-the-Web flag and demonstrate the risks associated with container file formats. Supported formats: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX.

Stargazers: 0 | Issues: 0

pe2shc-to-cdb

Convert shellcode generated using pe_2_shellcode to cdb format.

Stargazers: 0 | Issues: 0

process_overwriting

Yet another variant of Process Hollowing

Stargazers: 0 | Issues: 0

rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Language: Go | License: GPL-3.0 | Stargazers: 0 | Issues: 0

RogueAssemblyHunter

Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.

License: MIT | Stargazers: 0 | Issues: 0

SharpGhosting

Process Ghosting in C#

License: BSD-3-Clause | Stargazers: 0 | Issues: 0

Simple-Reverse-Shell

Simple reverse shell intended to avoid Windows 11 Defender detection

Language: C++ | Stargazers: 0 | Issues: 0

sliver

Adversary Emulation Framework

Language: Go | License: GPL-3.0 | Stargazers: 0 | Issues: 0

WMEye

WMEye is a post-exploitation tool that uses WMI Event Filters and MSBuild execution for lateral movement

Language: C# | License: MIT | Stargazers: 0 | Issues: 0