superuser5's repositories
abusing-cloudflare-workers
Abusing Cloudflare Workers to establish persistence and exfiltrate sensitive data at the edge.
AntimalwareBlight
Execute PowerShell code at the antimalware-light protection level.
AWS-Threat-Simulation-and-Detection
Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic
callback_injection-Csharp
This repo is to cover the other undocumented or published / in different language to achieve shellcode injection via Windows callback functions
crux
A proof-of-concept malicious Chrome extension
cs-token-vault
In-memory token vault BOF for Cobalt Strike
Ekko
Sleep Obfuscation
EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
Exploring-APT-campaigns
Further investigation into APT campaigns disclosed by private security firms and security agencies
iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11
Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
MDK-SE
Malware's Development Kit for SE
NiCOFF
COFF and BOF Loader written in Nim
NimicStack
NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
NlsCodeInjectionThroughRegistry
DLL injection through code page ID modification in the registry. Based on jonas lykk research
ObjCShellcodeLoader
macOS shellcode loader written in Objective-C
PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
QLoader
QLoader is a PE loader creator that helps you quickly create a non-exe loader for an application
RDPHijack-BOF
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
red-team-toolbox
Suite of scripts that cover the phases of a Red Team Attack Lifecycle.
titanium-web-proxy
A cross-platform asynchronous HTTP(S) proxy server in C#.
TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
volplugins
Repository of Volatility3 plugins