Diego Capriotti's repositories
PythonMemoryModule
Pure-Python implementation of the MemoryModule technique to load DLLs and unmanaged EXEs entirely from memory
ProcessStomping
A variation of ProcessOverwriting to execute shellcode on an executable's section
ModuleShifting
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
python-bof-runner
Python inline shellcode injector that could be used to run BOFs by leveraging BOF2shellcode
UnhookingPatch
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
BouncyGate
HellsGate in Nim, but making sure that all syscalls go through NTDLL.DLL (as in RecycledGate).
DropSpawn_BOF
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
GregsBestFriend
GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
DarkLoadLibrary
LoadLibrary for offensive operations
FilelessRemotePE
Loading Fileless Remote PE from URI to memory with argument passing, ETW patching, NTDLL unhooking and the No New Thread technique
FOLIAGE
Public variation of FOLIAGE (original developer)
grimreaper
An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls
krbdump
A way to extract tickets in case I need to purge and restore tickets on the fly.
OffensivePipeline
OffensivePipeline allows you to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
RWX-Dlls-for-manual-mapping
Here are a few RWX DLLs you can use to manual map your cheat DLL, they will prob get checked soon...