l0rd-v0ldem0rt's repositories
AES_Shellcode_Encryptor
This repository contains a tool that can encrypt all types of files and produce the encrypted output in the form of encrypted shellcode. Encrypting shellcode is an important step in injection processes for bypassing signature-based detection by security controls.
AsStrongAsFuck
A console obfuscator for .NET assemblies.
avcleaner
C/C++ source obfuscator for antivirus bypass
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
conti_locker
Conti Locker source code
DefenderStop
Stop Defender Service using C# via Token Impersonation
DomainFrontingLists
A list of Domain Frontable Domains by CDN
EnterprisePurpleTeaming
Purple Team resources for "Enterprise Purple Teaming: An Exploratory Qualitative Study", a Doctor of Science in Cybersecurity dissertation at Marymount University by Xena Olsen.
FunctionStomping
A new shellcode injection technique. Given as C++ header or standalone Rust program.
inceptor
Template-Driven AV/EDR Evasion Framework
KillDefender
A small POC to make Defender useless by removing its token privileges and lowering the token integrity level
Ninja
Open source C2 server created for stealth red team operations
pe_to_shellcode
Converts PE into a shellcode
Process-Hollowing
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR products. To bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection from the LdrpThunkSignature array.
RPC-Backdoor
A basic emulation of an "RPC Backdoor"
Sealighter
Sysmon-Like research tool for ETW
SealighterTI
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
Shhhloader
SysWhispers Shellcode Loader (Work in Progress)
SpoolFool
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
TitanLdr-1
Public variation of Titan Loader. Tweaks Cobalt Strike's behavior with Import Address Table Hooks
VX-API
Collection of various malicious functionality to aid in malware development