Itay Migdal's starred repositories
PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
ASPJinjaObfuscator
Heavily obfuscated ASP web shell generation tool.
google-dorks-bug-bounty
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
IronSharpPack
IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then reflectively load the C# project.
NativeThreadpool
Work, timer, and wait callback example using solely Native Windows APIs.
IoDllProxyLoad
DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
Amsi_Bypass_In_2023
Amsi Bypass payload that works on Windows 11
InflativeLoading
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
ExploitGSM
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
inject-assembly
Inject .NET assemblies into an existing process
CFG-FindHiddenShellcode
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
EtwTi-FluctuationMonitor
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections