rmusser01

Infosec_Reference

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

AceLdr

Cobalt Strike UDRL for memory scanner evasion.

AMSI-ETW-Patch

Patch AMSI and ETW

GadgetToJScript

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS based scripts.

Havoc

The Havoc Framework.

Jlaive

.NET Antivirus Evasion Tool (Exe2Bat)

PSBits

Simple (relatively) things allowing you to dig a bit deeper than usual.

T-Mobster

Purpose-built Red Team network hardware implant made from common components.

WTSRM

WTSRM

YetAnotherWildcardCollection

Goal: Create a comprehensive wildcard collection not focused on NSFW

CSharp-Alt-Shellcode-Callbacks

A collection of (even more) alternative shellcode callback methods in CSharp

CVE-2023-23397-POC-Powershell

drivers_and_shit

KernelMode-Code

2022 Updated Kernelmode-Code

meme-rw

Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode

ntdlll-unhooking-collection

different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)

NTDLLReflection

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

PPL-Duck

pybof

Python module for running BOFs

RebirthGuard

Anti-cheat library for Windows C++

ReflectiveNtdll

A Dropper POC focusing EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

requestbin

Python3 version of Runscope/requestbin

sample_dbs

Databases with sample data for testing

SharpLDAP

SharpLDAP is a tool writting in C# that aims to do enumeration via LDAP queries

Shellcode-Hide

This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)

TitanLdr-1

Public variation of Titan Loader

titanldr-ng

A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.

TransitionalPeriod-1

Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits

TymSpecial

SysWhispers integrated shellcode loader w/ ETW patching, anti-sandboxing, & spoofed code signing certificates

youtube-dl-gui

A cross-platform GUI for youtube-dl made in Electron and node.js