funnybananas's repositories
LayeredSyscall
Generates a legitimate call stack frame alongside indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR hooks on Windows.
awesome-lists
Awesome Security lists for SOC/CERT/CTI
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory domain with a structure and thousands of objects. The output of the tool is a domain similar to one in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to understand and secure Active Directory. Each time this tool runs, it produces different results: the domain, users, groups, computers and permissions are different. Every. Single. Time.
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
BOFs
Collection of Beacon Object Files
Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
CS_Uploads_Tracker
Aggressor script add-in for CobaltStrike to track file uploads
CVE-2023-46747-RCE
Exploit for the F5 BIG-IP RCE, CVE-2023-46747
DefenderYara
Extracted Yara rules from Windows Defender mpavbase and mpasbase
NimlineWhispers
A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.
DojoLoader
Generic PE loader for fast prototyping evasion techniques
ghostwriting-2
A process injection technique using only thread context manipulation
GOAD
Game of Active Directory
import-owned-users-bloodhound
Script to import owned users into BloodHound
NimGetWindowClasses
Enumerates windows and returns the title (if any), PID, and window class name.
nimview
A Nim/Webview based helper to create Desktop/Server applications with Nim/C/C++ and HTML/CSS
Operational-Security-101
A repository of advice and guides to share with friends and family who are concerned about their safety during online activities and the security of their devices.
pyMetaTwin
Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
SCShell
Fileless lateral movement tool that relies on ChangeServiceConfigA to run commands
sleepmask-vs
A simple Sleepmask BOF example
SteppingStones
A Red Team Activity Hub
vim-config
A repository containing Vim configurations that set up specific development environments.
Vundle.vim
Vundle, the plug-in manager for Vim