ewn's starred repositories
PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
BofAllTheThings
Creating a repository with all public Beacon Object Files (BoFs)
360QVM_bypass
Bulk bypass of 360 QVM by generating ico files with different hashes and writing them into the program
Sign-Sacker
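Sign-Sacker (Signature Plunderer): a digital signature copier that copies the digital signature, icon, and detailed information from other official exe files into an unsigned exe, as a small technique for AV evasion, persistence, and disguise.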
rustdesk-hvnc
HVNC based on RustDesk
WeblogicTool
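WeblogicTool, a GUI exploitation tool supporting vulnerability detection, command execution, memory shell injection, password decryption, etc. (powered by the Tianwei team of Sangfor Deep Blue Lab)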
ExecuteAssembly
Load/Inject .NET assemblies by: reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).
injection-stuff
PE Injection, DLL Injection, Process Injection, Thread Injection, Code Injection, Shellcode Injection, ELF Injection, Dylib Injection, including 400+ tools and 350+ posts
nopowershell
PowerShell rebuilt in C# for Red Teaming purposes
Eventlogedit-evtx--Evolution
Remove individual lines from Windows XML Event Log (EVTX) files
SharpSocks5
Tunnellable HTTP/HTTPS socks5 proxy written in C#
SharpSocks
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
pingtunnel
Pingtunnel is a tool that sends TCP/UDP traffic over ICMP