Soumyani1's repositories
DarkWidow
Indirect dynamic syscalls; SSN recovery by sorting syscall stubs by address (a modified TartarusGate approach); remote process injection via APC Early Bird; spawns a sacrificial process as the injection target; applies the ACG + BlockDll mitigation policy to the spawned process; PPID spoofing; API resolving from the TIB; API hashing
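Two of the techniques named in the DarkWidow description, SSN recovery by sorting syscall stubs by address and API hashing, shown as an added illustration that is not DarkWidow's code. It uses a constructed stand-in for ntdll's export directory (the names, addresses and hash seed are assumptions; real code walks the PE export table), sorts the Nt* stubs by address so that each stub's position is its system service number, and resolves an export by a hash of its name so the cleartext API name never has to appear in the binary:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* One exported syscall stub: its name and (simulated) address in ntdll. */
typedef struct {
    const char *name;
    uint64_t    addr;
} export_t;

/* Constructed stand-in for ntdll's export directory (not real addresses).
 * The only property relied on is that Nt* syscall stubs are laid out in
 * SSN order, so address order == SSN order. That is why a stub whose first
 * bytes were overwritten by an EDR hook still yields the right number:
 * the sort never reads the stub body. */
static export_t g_exports[] = {
    { "NtWriteVirtualMemory",    0x1a00 },
    { "NtClose",                 0x0f00 },
    { "NtAllocateVirtualMemory", 0x1400 },
    { "RtlInitUnicodeString",    0x9000 }, /* not a syscall stub */
    { "NtProtectVirtualMemory",  0x1800 },
    { "NtCreateThreadEx",        0x1c00 },
    { "NtOpenProcess",           0x1000 },
};
#define N_EXPORTS (sizeof g_exports / sizeof g_exports[0])

/* djb2-style hash of an export name. The seed is an assumption; loaders
 * normally pick their own so precomputed hashes differ per build. */
uint32_t api_hash(const char *s) {
    uint32_t h = 5381;
    for (; *s; s++) h = ((h << 5) + h) ^ (uint8_t)*s;
    return h;
}

/* Resolve an export by hash instead of by string compare on the name.
 * Returns 0 when no export matches. */
uint64_t resolve_by_hash(uint32_t want) {
    for (size_t i = 0; i < N_EXPORTS; i++)
        if (api_hash(g_exports[i].name) == want) return g_exports[i].addr;
    return 0;
}

static int by_addr(const void *a, const void *b) {
    uint64_t x = ((const export_t *)a)->addr, y = ((const export_t *)b)->addr;
    return (x > y) - (x < y);
}

/* Recover the SSN of one syscall stub: collect every Nt* export, sort by
 * address, and the stub's index in that order is its system service number.
 * Returns -1 if the name is not an Nt* export. Real ntdll also exports Zw*
 * aliases at the same addresses; implementations usually filter on the Zw
 * prefix instead, because a few Nt*-named exports are not syscalls at all. */
int ssn_for(const char *name) {
    export_t stubs[N_EXPORTS];
    size_t n = 0;
    for (size_t i = 0; i < N_EXPORTS; i++)
        if (strncmp(g_exports[i].name, "Nt", 2) == 0) stubs[n++] = g_exports[i];
    qsort(stubs, n, sizeof stubs[0], by_addr);
    for (size_t i = 0; i < n; i++)
        if (strcmp(stubs[i].name, name) == 0) return (int)i;
    return -1;
}

int main(void) {
    const char *want = "NtAllocateVirtualMemory";
    uint32_t h = api_hash(want);
    printf("%s: hash=0x%08x addr=0x%llx ssn=%d\n", want, h,
           (unsigned long long)resolve_by_hash(h), ssn_for(want));
    return 0;
}
```

In a real loader the hash is precomputed at build time and only the 32-bit constant is embedded; the SSN is then placed in eax and control is passed to a `syscall; ret` gadget inside a legitimate ntdll stub, which is what makes the syscall "indirect".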
Learning-EDR-and-EDR_Evasion
I will be uploading all the code which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning path for me.
reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring 0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the well-known rkhunter anti-rootkit.
AMSI-patches-learned-till-now
I have documented all of the AMSI patches that I have learned so far.
Executable_Files
Database of custom-made as well as publicly available stage-2 payloads, beacons and stageless payloads, for use by loaders/stage-1 stagers or further use with a C2
ETW_patches_from_userMode_learned_till_now
User-mode ETW patches learned so far
AQUARMOURY
My musings in C and offensive tooling
VulnCon-WorkShop-Slides
VulnCon Workshop - Maldev Workshop: Offensive Tradecraft - Syscalls to Stack Spoofing
Jomungand-HWBP-MemScanEvade
Shellcode Loader with memory evasion
RemoveFalsePositives
A small Python script that emits the unsigned char representation of hooked underlying Nt APIs (which are false positives), for use in C/C++
.NetConfigLoader-MA
.NET config loader
CPTS-cheatsheet
HackTheBox Certified Penetration Tester Specialist Cheatsheet
KrakenMask
Sleep obfuscation
Windows-Internals
Important notes and topics on my journey towards mastering Windows Internals
BlockOpenHandle
Blocks any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to it, which lets you avoid remote memory scanners
bloodyAD
BloodyAD is an Active Directory Privilege Escalation Framework
Certipy-merged-with-esc15
Tool for Active Directory Certificate Services enumeration and abuse
Cronos-MemoryScanEvasion
PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.
DetectCobaltStomp
Detects Module Stomping as implemented by Cobalt Strike
dploot-PostExp.py
DPAPI looting remotely in Python
NET-Tools-For-CI-CD-pipelining
.NET tools for a CI/CD pipelining use case
StackCrypt
Creates a new thread that suspends every other thread and encrypts its stack, then sleeps, then decrypts the stacks and resumes the threads