Lefteris Panos's repositories
AssemblyLine
A C library and binary for generating machine code of x86_64 assembly language and executing on the fly without invoking another compiler, assembler or linker.
CallbackHell
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
CVE-2021-40444
CVE-2021-40444 PoC
CyberArkTools
Python tooling for CyberArk, for example to try to decrypt CyberArk .cred credential files
DumpNParse
A combined LSASS dumper and LSASS parser. All credit goes to @slyd0g and @cube0x0.
encrypt
Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.
GPUSleep
Move a Cobalt Strike beacon to GPU memory while it sleeps
incident-response-plan-template
A concise, directive, specific, flexible, and free incident response plan template
Injector
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
lsarelayx
NTLM relaying for Windows made easy
OSEP-Breaking-Chains
A collection of code snippets built to assist with breaking chains.
PolyHook_2_0
C++17 x86/x64 hooking library v2.0
SharpSelfDelete
C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
ShellcodeFluctuation
An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents
Skrull
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and signature scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also anti-copy: they naturally break when submitted.
SleepyCrypt
A shellcode function to encrypt a running process image when sleeping.
SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
SSHClient
A C# SSH client
StealAllTokens
This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate and use any token present in any process
Suspended-Thread-Injection
Another meterpreter injection technique using C# that attempts to bypass Defender
ThreadStackSpoofer
Thread Stack Spoofing: PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
TitanLdr
Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.
TripleS
Syscall Stub Stealer: steal fresh syscall stubs straight from disk
turdshovel
Dump objects from .NET dumps.
winrmdll
C++ WinRM API via Reflective DLL