Enzo's starred repositories
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
PowerLessShell
Run a PowerShell command without invoking powershell.exe
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
Pentest-and-Development-Tips
A collection of pentest and development tips
redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team
windows-dll-hijacking
Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.
dll-hijack-by-proxying
Exploiting DLL Hijacking by DLL Proxying Super Easily
SimplePELoader
In-Memory PE Loader
ThreadlessInject-BOF
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
elevationstation
Elevate to SYSTEM any way we can! Metasploit and PsExec getsystem alternative
List-RDP-Connections-History
Use PowerShell to list the RDP connection history of logged-in users or all users
dll-merger
Merging DLLs with a PE32 EXE without LoadLibrary
Heavens-Gate-2.0
Executes 64-bit code from a 32-bit process
nginx-ssl-ja3
nginx module for SSL/TLS JA3 fingerprinting.
windows_x64_shellcode_template
An easily modifiable shellcode template for Windows x64 written in C
stelf-loader
A stealthy ELF loader - no files, no execve, no RWX
Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
vmp-virtualprotect-bypass
Disables VirtualProtect checks/hooks so you can modify memory and change memory protection in binaries protected by VMProtect.
obfuscator-llvm
Obfuscator as LLVM extension