ray's repositories
attacker_new
CrimsonEDR
Simulate the behavior of AV/EDR for malware development training.
datasketch
MinHash, LSH, LSH Forest, Weighted MinHash, HyperLogLog, HyperLogLog++, LSH Ensemble and HNSW
deluder
Deluder is a tool for intercepting the traffic of proxy-unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux sockets out of the box. ⚡
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their management server.
ETWProcessMon2
ETWProcessMon2 monitors process, thread, memory, image-load and TCP/IP activity via ETW, and detects remote-thread injection and in-memory payloads from VirtualMemAlloc events, among other things.
GPT_Vuln-analyzer
Uses the ChatGPT API, Bard API and Llama2, together with Python-Nmap, DNS recon, PCAP and JWT recon modules, and uses the GPT-3 model to create vulnerability reports from Nmap scan data and DNS scan information. It can also perform extensive subdomain enumeration.
InsightEngineering
Hardcore Debugging
MagicDot
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the known DOS-to-NT path conversion issue
marker
Convert PDF to markdown quickly with high accuracy
metabigor
OSINT tools and more but without API key
mortar
Evasion technique to defeat and divert the detection and prevention capabilities of security products (AV/EDR/XDR)
OffensiveCpp
This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
OpenGFW
OpenGFW is a flexible, easy-to-use, open-source implementation of the GFW (Great Firewall) on Linux
pi-hosted
Raspberry Pi Self Hosted Server Based on Docker / Portainer.io
proctools
Small toolkit for extracting information and dumping sensitive strings from Windows processes
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThreadNotifyRoutine callbacks, PsSetLoadImageNotifyRoutine callbacks...
SessionExec
Execute commands in other Sessions
SuperMega
Stealthily inject shellcode into an executable
theHarvester
E-mails, subdomains and names Harvester - OSINT
trex-core
trex-core site
UAC-BOF-Bonanza
Collection of UAC Bypass Techniques Weaponized as BOFs
VolWeb
A centralized and enhanced memory analysis platform
vulnerability-paper
Collected articles: https://mrwq.github.io/vulnerability-paper/
WinDbg_Scripts
Useful scripts for WinDbg using the debugger data model
windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.