cd9e's repositories
Awesome-CobaltStrike
List of Awesome CobaltStrike Resources
backdoor-toolbox
A compact toolbox for backdoor attacks and defenses.
Blackout
Kill anti-malware protected processes (BYOVD) (Microsoft Won)
CS_Decrypt
CobaltStrike traffic decryption script
electron_shell
Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods.
FakeToa
TCP/IP spoofing; Ubuntu 22.04 recommended
GhostDriver
yet another AV killer tool using BYOVD
Godzilla
Godzilla
inceptor
Template-Driven AV/EDR Evasion Framework
matro7sh_loaders
This script adds the ability to encode shellcode (.bin) with XOR, ChaCha20, or AES. You can choose between 2 loaders (Myph / 221b).
Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
obfusheader.h
Obfusheader.h is a portable header file for C++14 compile-time obfuscation.
Papers
Some articles and tools from recent years
rathole
A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
RealBlindingEDR
Remove AV/EDR kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter callback, PsSetCreateProcessNotifyRoutine callback, PsSetCreateThreadNotifyRoutine callback, PsSetLoadImageNotifyRoutine callback...
rules_fork
Repository of yara rules
scan4all
Official repository. Vulnerability scan: 15000+ PoCs; 23 kinds of application password cracking; 7000+ web fingerprints; 146 protocols and 90000+ rules for port scanning; fuzzing, HW, awesome BugBounty ( ͡° ͜ʖ ͡°)...
SecurityResearcher-Note
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
SharpShellcodeLoader_Rc4Aes
Decrypts and loads shellcode, supporting both RC4 and AES decryption, and uses DInvoke to call WinAPI functions dynamically in an attempt to bypass certain security solutions.
SharpWxDump
WeChat client forensics: retrieves user personal information (nickname / account / phone / email / database key (used to decrypt chat records)); supports retrieving information for multiple users; offsets for new versions are updated from time to time; currently supports all new and official release versions.
UnlinkDLL
DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
VectorKernel
PoCs for Kernel-mode rootkit techniques research.
Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
wechat-dump-rs
This tool exports the key from a running WeChat process and automatically decrypts all WeChat database files; it also supports offline decryption of the database files once the key has been exported.
WPeChatGPT
A plugin for IDA that helps analyze binary files; it is based on the gpt-3.5-turbo model trained by OpenAI, the same as ChatGPT.
x2Ldr
Nim AV evasion that bypasses "a certain number" and "a certain Rong" AV products