Mez0's starred repositories
DetectWindowsCopyOnWriteForAPI
Enumerate various traits from Windows processes as an aid to threat hunting
TeamFiltration
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
blackhat-usa-2022-demos
Demos for the Blackhat USA 2022 talk "Taking Kerberos to the Next Level"
cs-token-vault
In-memory token vault BOF for Cobalt Strike
protections-artifacts
Elastic Security detection content for Endpoint
NimicStack
NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
CrossLinked
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
DeathSleep
A PoC implementation of an evasion technique that terminates the current thread and restores it before resuming execution, while changing page protections during the period in which nothing executes.
ProtectMyTooling
Multi-packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Features artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.
Azure-Red-Team
Azure Security Resources and Notes
windows-coerced-authentication-methods
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
maldev-for-dummies
A workshop about Malware Development
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess)
MalSeclogon
A little tool to play with the Seclogon service
Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)