Mukarram Khalid's repositories
Amsi-Bypass-Powershell
This repo contains some AMSI bypass methods I found on different blog posts.
AMSI_VEH
A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.
C2_INFRA_WORKSHOP_DEFCON32_RED_TEAM_VILLAGE
C2 Infrastructure Automation
clroxide
A Rust library that allows you to host the CLR and execute .NET binaries.
cnext-exploits
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()
CRTP-Notes
My notes on the Certified Red Team Professional course
DeadPotato
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.
disable-flutter-tls-verification
A Frida script that disables Flutter's TLS verification
DojoLoader
Generic PE loader for fast prototyping evasion techniques
File-Tunnel
Tunnel TCP connections through a file
google-ctf
Google CTF
hackshell
Make Bash stealthy and hacker-friendly with lots of Bash functions
hookchain
HookChain: A new perspective for Bypassing EDR Solutions
laravel-sendgrid-driver
This library adds a SendGrid driver to Laravel's mail configuration.
LeakedWallpaper
Leak of any user's NetNTLM hash. Fixed in KB5040434
Lifetime-Amsi-EtwPatch
Two in one: patch the PowerShell console for its lifetime, no more ETW and AMSI!
Lifetime-AmsiBypass
Lifetime AMSI bypass.
NimPlant
A lightweight first-stage C2 implant written in Nim.
No-Consolation
A BOF that runs unmanaged PEs inline
obj2shellcode
Shellcode generation framework
Packer_Development
Slides & Code snippets for a workshop held @ x33fcon 2024
RemoteKrbRelay
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
shadow-rs
Windows Kernel Rootkit in Rust
Shellcode-Loader
A way to load a shellcode and obfuscate it so that it avoids scan-time detection.
SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
Tempest
A command and control framework written in Rust.
Villain
Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.