Mariusz Banach (mgeeky)

mgeeky

Company: Binary-Offensive.com

Location: Poland

Home Page: https://binary-offensive.com

Twitter: @mariuszbit

Mariusz Banach's repositories

Penetration-Testing-Tools

A collection of 170+ tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.

Language: PowerShell | License: MIT | Stargazers: 2420 | Issues: 84 | Issues: 6

cobalt-arsenal

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

Language: PowerShell | License: MIT | Stargazers: 980 | Issues: 31 | Issues: 2

ThreadStackSpoofer

Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that helps better hide injected shellcode's memory allocation from scanners and analysts.

Language: C++ | License: MIT | Stargazers: 939 | Issues: 27 | Issues: 1

RedWarden

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Language: Python | License: GPL-3.0 | Stargazers: 858 | Issues: 21 | Issues: 21

ShellcodeFluctuation

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Language: C++ | License: MIT | Stargazers: 843 | Issues: 19 | Issues: 3

PackMyPayload

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

Language: Python | License: MIT | Stargazers: 799 | Issues: 17 | Issues: 8

ProtectMyTooling

Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featuring artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.

Language: PowerShell | License: MIT | Stargazers: 781 | Issues: 25 | Issues: 5

decode-spam-headers

A script that helps you understand why your E-Mail ended up in Spam

Language: Python | License: MIT | Stargazers: 497 | Issues: 16 | Issues: 12

Stracciatella

OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Language: C# | License: GPL-3.0 | Stargazers: 485 | Issues: 14 | Issues: 9

tomcatWarDeployer

Apache Tomcat auto WAR deployment & pwning penetration testing tool.

Language: Python | License: GPL-3.0 | Stargazers: 397 | Issues: 16 | Issues: 13

ElusiveMice

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

Language: C | License: MIT | Stargazers: 388 | Issues: 11 | Issues: 3

UnhookMe

UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red Team's malware

Language: C++ | License: MIT | Stargazers: 339 | Issues: 11 | Issues: 1

SharpWebServer

Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality

Language: C# | License: GPL-3.0 | Stargazers: 272 | Issues: 11 | Issues: 1

AzureRT

AzureRT - A PowerShell module implementing various Azure Red Team tactics

Language: PowerShell | License: MIT | Stargazers: 218 | Issues: 9 | Issues: 2

expdevBadChars

Bad characters highlighter for exploit development purposes, supporting multiple input formats when comparing.

Language: Python | License: GPL-3.0 | Stargazers: 200 | Issues: 10 | Issues: 3

msidump

MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.

Exploit-Development-Tools

A bunch of my exploit development helper tools, collected in one place.

Language: Python | License: GPL-3.0 | Stargazers: 141 | Issues: 11 | Issues: 0

msi-shenanigans

Proof of Concept code and samples presenting the emerging threat of MSI installer files.

Language: Python | Stargazers: 75 | Issues: 3 | Issues: 0

PE-library

Lightweight Portable Executable parsing library and a demo peParser application.

Language: C++ | License: MIT | Stargazers: 70 | Issues: 5 | Issues: 1

CustomXMLPart

A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.

Language: VBA | License: GPL-3.0 | Stargazers: 32 | Issues: 3 | Issues: 1

digitalocean-app-redirector

Reverse-HTTP Redirector via DigitalOcean Apps Platform

Language: Python | License: MIT | Stargazers: 24 | Issues: 21 | Issues: 1

Havoc

The Havoc Framework

Language: Go | License: GPL-3.0 | Stargazers: 5 | Issues: 1 | Issues: 0

ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

Language: Go | License: MIT | Stargazers: 5 | Issues: 1 | Issues: 0

PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Language: PowerShell | License: NOASSERTION | Stargazers: 4 | Issues: 1 | Issues: 0

Language: C | License: GPL-2.0 | Stargazers: 3 | Issues: 1 | Issues: 0

DeathSleep

A PoC implementation of an evasion technique that terminates the current thread and restores it before resuming execution, applying page protection changes while the thread is not executing.

Language: Python | Stargazers: 2 | Issues: 2 | Issues: 0

forensicsim

A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.

Language: Python | License: MIT | Stargazers: 2 | Issues: 1 | Issues: 0

misc

Miscellaneous scripts and programs

Language: C | Stargazers: 0 | Issues: 1 | Issues: 0

sleep_python_bridge

This project is a 'bridge' between the Sleep and Python languages. It allows the control of a Cobalt Strike teamserver through Python without the need for the standard GUI client. NOTE: This project is very much in BETA. The goal is to provide a playground for testing and is in no way an officially supported feature. Perhaps this could be somethin

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0