Marcos Oviedo's repositories
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
MalMemDetect
Detect strange memory regions and DLLs
SinMapper
Usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. The main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and to have the power to hook anything due to being inside legit memory (a signed, legit driver).
TokenStomp
C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
BackupOperatorToDA
From an account that is a member of the Backup Operators group to Domain Admin, without RDP or WinRM on the Domain Controller
CandyPotato
Pure C++, weaponized, fully automated implementation of RottenPotatoNG
capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
FindETWProviderImage
Quickly search for references to a GUID in DLLs, EXEs, and drivers
Hunt-Sleeping-Beacons
Aims to identify sleeping beacons
LiquidSnake
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
MalSeclogon
A little tool to play with the Seclogon service
process-governor
This application allows you to put various limits on a Windows process.
RestrictedAdmin
Remotely enables Restricted Admin Mode
shakeitoff
Windows LPE 0-day
unDefender
Killing your preferred antimalware by abusing native symbolic links and NT paths.
unicorn_pe
Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.
windows-hardening-scripts
Windows 10/11 hardening scripts
winrmdll
C++ WinRM API via Reflective DLL
WPBT-Builder
A simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.