bu-shuo

followers

following

stars

China

bu-shuo's starred repositories

MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

Language:Assembly15098 732 62

AD-Attack-Defense

Attack and defend active directory using modern post exploitation adversary tradecraft activity

dot

The Deepfake Offensive Toolkit

Language:PythonBSD-3-Clause3917 42 86

my-re0-k8s-security

:atom: [WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐

Language:Shell2765 46 3

vmprotect-3.5.1

Language:C++1671 31 3

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

Language:PowerShell1179 47 24

Shhhloader

Syscall Shellcode Loader (Work in Progress)

Language:PythonGPL-3.01044 25 33

SigFlip

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Language:C#MIT945 20 10

Windows-Local-Privilege-Escalation-Cookbook

Windows Local Privilege Escalation Cookbook

Language:PowerShellMIT719 9 1

SecBooks

安全类各家文库大乱斗

Language:HTML625 9 2

Windows10-CustomKernelSigners

Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSigners

Language:C++591 22 6

InsightEngineering

Hardcore Debugging

CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

Microsoft-Outlook-Remote-Code-Execution-Vulnerability

Language:Python562 90

LearnJavaMemshellFromZero

【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安

OffensiveCpp

This repo contains C/C++ snippets that can be handy in specific offensive scenarios.

Language:C++523 50

Banshee

Experimental Windows x64 Kernel Rootkit.

Language:C++413 11 2

Sign-Sacker

Sign-Sacker(签名掠夺者)：一款数字签名复制器，可将其他官方exe中数字签名，图标，详细信息复制到没有签名的exe中，作为免杀，权限维持，伪装的一种小手段。

Language:PythonMIT399 6 4

VectorKernel

PoCs for Kernelmode rootkit techniques research.

Language:C#BSD-3-Clause272 10 1

Marble

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.

Language:C++262 4 1

RandomTSScripts

Collection of random RedTeam scripts.

Language:C++188 60

yafu

Automated integer factorization

Language:C163 12 26

EventLogCrasher

Language:C163 7 2

ssde

SSDE is a collection of utilities that help in having Windows load your custom signed kernel drivers when Secure Boot is on and you own the system's platform key, instead of using test mode.

Language:C++MIT145 10 9

ProcessStomping

A variation of ProcessOverwriting to execute shellcode on an executable's section

Language:PowerShellApache-2.0142 2 2

AutomatedEmulation

An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.

Language:HCLMIT136 40

Misc-Research

A collection of tools, scripts and personal research

Language:Python94 50

adiskreader

Async Python library to parse local and remote disk images.

Language:PythonNOASSERTION68 10

etwunhook

Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.

Language:C++3600

py-amsi

Scan strings or files for malware using the Windows Antimalware Scan Interface

Language:C++MIT29 20

CTF-writeups

Writeups for CTF challenges

Language:RoffMIT2700