kyle41111

RedTeamHelp

Tools I use on red team engagements and more

MalwareDevelopment

The projects im more confident in while learning Malware Development

MaldevJourney

Learning Offensive cpp/# for rtl/threat emulation.

Windows-driver-samples

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.

Blackout

kill anti-malware protected processes (BYOVD)

CrackMapExec

A swiss army knife for pentesting networks

dockerBuilds

fewerstealer

🦊 🧊 Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Autofills, Information, Discord, Telegram, Filezilla, Spotify)

Inline-Execute-PE

Execute unmanaged Windows executables in CobaltStrike Beacons

kdmapper

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

KDU

Kernel Driver Utility

kyle41111.github.io

LdrLibraryEx

A small x64 library to load dll's into memory.

LOLAPPS

LOLAPPS is a compendium of applications that can be used to carry out day-to-day exploitation.

ntqueueapcthreadex-ntdll-gadget-injection

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

PEzor

Open-Source Shellcode & PE Packer

PPLKiller

Tool to bypass LSA Protection (aka Protected Process Light)

Proxy-Function-Calls-For-ETwTI

The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/

Red-Teaming-TTPs

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

Sharp-Suite

Also known by Microsoft as Knifecoat :hot_pepper:

SharpPrivesc

Practicing C# and bringing multiple things together for one program. Still noob stuff. Privesc checks and the like.

Shhhloader

Syscall Shellcode Loader (Work in Progress)

threadless_loader_rs

Threadless Injection Payload Toolkit

Vanara

A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.

vcenter_saml_login

A tool to extract the IdP cert from vCenter backups and log in as Administrator

windows-ps-callbacks-experiments

Files for http://blog.deniable.org/posts/windows-callbacks/

Windows_LPE_AFD_CVE-2023-21768

LPE exploit for CVE-2023-21768

yapscan

Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.

yara-ttd

Use YARA rules on Time Travel Debugging traces

ROP_ROCKET

ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP. The framework utilizes emulation and obfuscation to help expand the attack surface.