p25072004's repositories
ridhijack
Windows RID Hijacking persistence technique implemented in C/C++ (RID hijacking, shadow accounts, account cloning).
A-Red-Teamer-diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
ScatterBee_Analysis
Scripts to aid analysis of files obfuscated with ScatterBee.
fscan
A comprehensive intranet scanning tool for convenient one-click, automated, all-round vulnerability scanning.
CS_fakesubmit
A script that can fake a Cobalt Strike check-in.
beacon_health_check
This aggressor script uses a beacon's note field to indicate the health status of a beacon.
SharpSQLTools
SharpSQLTools, a small tool written together with @Rcoil; it can upload and download files, execute commands with echoed output via xp_cmdshell and sp_oacreate, and load CLR assemblies to perform the corresponding operations.
Kage
Kage is a Graphical User Interface for Metasploit Meterpreter and Session Handler.
injection
Windows process injection methods
FinSpyVM
Static unpacker for FinSpy VM
Windows-EventLog-Bypass
Use subProcessTag Value From TEB to identify Event Log Threads
kingkong
Decrypts the traffic of the Godzilla webshell management tool.
note
Some notes.
HexRaysDeob
Hex-Rays microcode API plugin for breaking an obfuscating compiler
Python_editor
Better CodeEditor for Ida Pro.
DSInternals
Directory Services Internals (DSInternals) PowerShell Module and Framework
SharpOxidResolver
IOXIDResolver from AirBus Security/PingCastle
azazel
Azazel is a userland rootkit based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.
winsmsd
Windows (ShadowMove) Socket Duplication
OxidBindings
Extract all IP addresses of a computer using DCOM without authentication (i.e. detect the network used for administration).
BeaconTool
Practice Go programming and implement CobaltStrike's Beacon in Go
apache2_BackdoorMod
A backdoor module for Apache2
sacara
Sacara VM
BeaconTelegram
Send message on Telegram when you get a new Cobalt Strike beacon
apache-
An Apache persistence backdoor.
webshell-scan
Simple web shell scanner written in Golang.