marcosd4h

Marcos Oviedo's repositories

GhidraSnippets

Python snippets for Ghidra's Program and Decompiler APIs

CC0-1.03 10

moneta

Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

Language:C++GPL-3.02 10

CheekyBlinder

Enumerating and removing kernel callbacks using signed vulnerable drivers

Language:C++1 10

Crinkler is an executable file compressor (or rather, a compressing linker) for Windows for compressing small demoscene executables. As of 2020, it is the most widely used tool for compressing 1k/4k/8k intros.

Language:C++NOASSERTION1 10

delete-self-poc

A way to delete a locked file, or current running executable, on disk.

MIT100

FOLIAGE

Experiment on reproducing Obfuscate & Sleep

Language:C1 10

hookbong

Detect hooks inside a loaded process.

Language:C#MIT1 10

HookDump

Security product hook detection

Language:C++GPL-3.01 10

impacket_static_binaries

Standalone binaries for Linux/Windows of Impacket's examples

Language:PythonNOASSERTION1 10

InterProcessCommunication-Samples

Some Code Samples for Windows based Inter-Process-Communication (IPC)

Language:C++1 10

printjacker

Hijack Printconfig.dll to execute shellcode

Language:C++1 10

sakeInject

Windows PE - TLS (Thread Local Storage) Injector in C/C++

Language:C1 10

TelemetrySourcerer

Enumerate and disable common sources of telemetry used by AV/EDR.

Language:C++Apache-2.01 10

WinDefend_ZeroDay

lol MS

Language:C++1 10

Extensible-Storage-Engine

ESE is an embedded / ISAM-based database engine, that provides rudimentary table and indexed access. However the library provides many other strongly layered and and thus reusable sub-facilities as well: A Synchronization / Locking library, a Data-structures / STL-like library, an OS-abstraction layer, and a Cache Manager, as well the full blown database engine itself

MIT000

FileTest

Source code for File Test - Interactive File System Test Tool

MIT000

IOXIDResolver

IOXIDResolver.py from AirBus Security

Language:PythonBSD-3-Clause010

KSOCKET

KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK

Language:CMIT010

LogicalAnalyzer

Logical Analyzer is a C# library for determining if Rules apply to provided Objects

Language:C#MIT010

malware

Malware Samples. Uploaded to GitHub for those want to analyse the code. Code mostly from: http://www.malwaretech.com

Language:C++010

NTLib

Headers for linking your software with ntdll.dll

Language:CBSD-3-Clause010

openprocmon

open source process monitor

Language:CMIT010

reactos

A free Windows-compatible Operating System

Language:CGPL-2.0010

sandboxtank

Windows sandbox using buildins functions

Language:C++MIT010

SharpEDRChecker

Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.

Language:C#BSD-3-Clause010

marcosd4h

Marcos Oviedo's repositories

GhidraSnippets

moneta

CheekyBlinder

Crinkler

delete-self-poc

FOLIAGE

hookbong

HookDump

impacket_static_binaries

InterProcessCommunication-Samples

printjacker

sakeInject

TelemetrySourcerer

WinDefend_ZeroDay

Extensible-Storage-Engine

FileTest

IOXIDResolver

KSOCKET

LogicalAnalyzer

malware

NTLib

openprocmon

reactos

sandboxtank

SharpEDRChecker

shellcodeloader-1

vulnerable-AD

wil

WindowsExploitationResources

winsilo