Ali Kerman's repositories
Alcatraz
x64 binary obfuscator
ARCInject
Overwrite a process's recovery callback and execute with WER
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
CISSPNotes
Notes for my CISSP study
conti-pentester-guide-leak
Leaked pentesting manuals given to Conti ransomware crooks
Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
conti-leaks-englished
Google- and DeepL-translated Conti leaks, shared by a member of the Conti ransomware group.
DarkWeb
Repository for findings about the Dark Web
ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
Jigsaw
Hide shellcode by shuffling its bytes into a random array and reconstructing it at runtime
LocalAdminSharp
.NET executable to use when dealing with privilege escalation on Windows to gain local administrator access
Ninja_UUID_Dropper
Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10!
OperatorsKit
Collection of Beacon Object Files (BOF) for Cobalt Strike
PageSplit
Splitting and executing shellcode across multiple pages
PcapPlusPlus
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.
pe_to_shellcode
Converts a PE into shellcode
PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
rapid-endpoint-investigations
Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE
rust-shellcode
windows-rs shellcode runner.
Venom
Venom is a library meant to perform evasive communication using a stolen browser socket