oPensyLar

followers

following

stars

DevelSecurity

Râmnicu Vâlcea, Romania

oPen syLar's starred repositories

APCInjector

Windows Kernel Driver dlls injector using APC

Language:C++MIT5900

MaliciousMacroMSBuild

Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.

Language:PythonGPL-2.049200

MasterHide

A x64 Windows Rootkit using SSDT or Hypervisor hook

Language:C++MIT49400

HellsGate

Original C Implementation of the Hell's Gate VX Technique

Language:C94400

injdrv

proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC

Language:CMIT110700

LsassSilentProcessExit

Command line interface to dump LSASS memory to disk via SilentProcessExit

Language:C++43800

PowerLessShell

Run PowerShell command without invoking powershell.exe

Language:PythonNOASSERTION146900

kekeo

A little toolbox to play with Microsoft Kerberos in C

Language:C141400

RoguePotato

Another Windows Local Privilege Escalation from Service Account to System

Language:CGPL-3.0103500

ImHex

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Language:C++GPL-2.04412600

Dumpert

LSASS memory dumper using direct system calls and API unhooking.

Language:C147600

Cobalt-Strike-CheatSheet

Some notes and examples for cobalt strike's functionality

MIT97700

HideProcess

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Language:C63300

DotNetToJScript

A tool to create a JScript file which loads a .NET v2 assembly from memory.

Language:C#GPL-3.0123400

KDU

Kernel Driver Utility

Language:CMIT193400

Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

Language:PowerShellMIT216000

spoofing-office-macro

:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

Language:VBAAGPL-3.037300

trigen

Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.

Language:Python19900

EternalBlueC

EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader

Language:C52800

Ark-Server-Plugins

Server Plugins for ARK: Server API

Language:CMIT5500

routeros

RouterOS Security Research Tooling and Proof of Concepts

Language:C++BSD-3-Clause86600

hidden

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Language:C179100

PowerShdll

Run PowerShell with rundll32. Bypass software restrictions.

Language:C#MIT176000

PEzor

Open-Source Shellcode & PE Packer

Language:CGPL-3.0182000

sakeInject

Windows PE - TLS (Thread Local Storage) Injector in C/C++

Language:C10200

delete-self-poc

A way to delete a locked file, or current running executable, on disk.

Language:CMIT49000

wifi-learner

A tool to infer the security handshake state machine of a given WiFi router. Useful for vulnerability analysis

Language:Python1500

readmem

A small OS X/iOS userland util to dump processes memory

Language:C22200

Sloth

Mac app that shows all open files, directories, sockets, pipes and devices in use by all running processes. Nice GUI for lsof.

Language:Objective-CBSD-3-Clause827800

UbjsonCpp

A high performance C++14 library for effortlessly reading and writing UBJSON

Language:C++2400