bravery9's repositories
acheron
indirect syscalls for AV/EDR evasion in Go assembly
AV-EPP-EDR-Windows-API-Hooking-List
For each supported AV/EDR product, checks which Windows APIs that AV/EDR hooks
Burp2Malleable
Quick Python utility I wrote to turn HTTP requests from Burp Suite into Cobalt Strike Malleable C2 profiles
CVE-2023-0386
CVE-2023-0386 analysis and exploit
DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default setting).
Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
Freeze.rs
Freeze.rs is a payload toolkit, written in Rust, for bypassing EDRs using suspended processes and direct syscalls
hades-1
Go shellcode loader that combines multiple evasion techniques
Hunt-Weird-Syscalls
ETW-based PoC to identify direct and indirect syscalls
IDLE-Abuse
A method to execute shellcode using RegisterWaitForInputIdle API.
inline-syscall
Inline syscalls made for MSVC supporting x64 and x86
JavaSec-1
A repo for documenting my study, maybe from 0 to 0.1
Killer
A tool created to evade AVs, EDRs, and other security tools.
kr-redteam-playbook
A project that analyzes and shares offensive security TTPs, information, and countermeasures. I hope it is helpful to information security professionals and students.
LightsOut
Generate an obfuscated DLL that will disable AMSI & ETW
Malleable-CS-Profiles
A list of Python tools to help create an OPSEC-safe Cobalt Strike profile.
MDATP
Microsoft 365 Defender - Resource Hub
OPSEC-Tradecraft
Collection of OPSEC Tradecraft and TTPs for Red Team Operations
pen300
Repository for doing pen300 exercises
PowerShell-Obfuscation-Bible
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
PPN
Pentester's Promiscuous Notebook
RDI-SRDI
This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
ThreadlessInject-BOF
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
Unwinder
Another approach to thread stack spoofing.