Cody Gilbert's repositories
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit.
Above
Invisible network protocol sniffer
SecretPixel
SecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.
Venoma
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
CsWhispers
Source generator to add D/Invoke and indirect syscall methods to a C# project.
BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
D3m0n1z3dShell
Demonized Shell is an advanced tool for persistence in Linux.
Winton
Command and Control (C2) framework
MutationGate
Use hardware breakpoints to dynamically change the SSN at run time
van-gonography
Hide 🕵️♂️ your files of any type inside an image of your choice using steganography
DotNET_XorCryptor
A new simple and powerful packer for malware
Api-Patcher
Api Patcher is a straightforward tool leveraging API hooking to patch and modify certain behaviors in a targeted environment.
sclauncher
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
obfuscator
PE bin2bin obfuscator
Thread-Pool-Injection-PoC
Proof of concept code for thread pool based process injection in Windows.
NativeThreadpool
Work, timer, and wait callback example using solely Native Windows APIs.
retoolkit
Reverse Engineer's Toolkit
MemshellKit
A highly customized memory shell one-click injection tool for multiple frameworks
Stardust
A modern 64-bit position independent implant template
ExecIT
Execute shellcode files with rundll32
LOLSpoof
An interactive shell to spoof some LOLBins command line
SyscallMeMaybe
Implementation of Indirect Syscall technique to pop a calc.exe
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
symbiotic
Symbiotic is a tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE
RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process