r3b3llion's starred repositories
frameless-bitb
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft's and use together with Evilginx.
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
PE-Obfuscator
PE obfuscator with Evasion in mind
FilelessPELoader
Loads a remote AES-encrypted PE into memory, decrypts it and runs it.
frida-interception-and-unpinning
Frida scripts to directly MitM all HTTPS traffic from a target mobile application
no-defender
A slightly more fun way to disable Windows Defender + firewall (through the WSC API).
NativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)
Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim.
FullBypass
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
InflativeLoading
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
EternelSuspention
A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, rendering it useless.
BobTheSmuggler
"Bob the Smuggler": A tool that leverages the HTML Smuggling attack and lets you create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into a 7z/zip archive, XOR-encrypts the archive and then hides it inside a PNG/GIF image file (image polyglot).
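The description above spells out the polyglot layout: a valid image followed by an XOR-encrypted archive. As an added example, not part of this listing or of the BobTheSmuggler project, the Python checker below does the defender's side of that: it walks a PNG's chunk list, takes whatever follows IEND, and recovers a repeating XOR key by known plaintext (the zip/7z magic bytes are known, so any key no longer than the magic is fully determined by the first bytes) before validating the result as an archive. The sample PNG and zip are constructed inline; the XOR scheme (repeating key, at most the magic length) is an assumption, since the tool's real key handling is not stated here, and GIF carriers are not handled.

```python
from __future__ import annotations

import io
import struct
import zipfile
import zlib

# Standard magic bytes of a zip local file header and a 7z header.
ARCHIVE_MAGICS = {"zip": b"PK\x03\x04", "7z": b"7z\xbc\xaf\x27\x1c"}
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """A valid 1x1 grayscale PNG, constructed here as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed scheme; the tool's real key handling is not stated)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample_polyglot(payload: bytes, key: bytes) -> bytes:
    """Constructed sample: PNG followed by an XOR-encrypted zip holding the payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", payload)
    return minimal_png() + xor_bytes(buf.getvalue(), key)


def png_trailing_data(blob: bytes) -> bytes | None:
    """Walk the chunk list and return whatever follows IEND (None if not a PNG or
    truncated). Walking chunks avoids false hits on 'IEND' bytes inside IDAT data."""
    if not blob.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 8 + length + 4  # header + data + CRC
        if ctype == b"IEND":
            return blob[pos:]
    return None


def _valid_zip(data: bytes) -> bool:
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def recover_xor_archive(ct: bytes):
    """Known-plaintext recovery: the archive magic is known, so a repeating key no
    longer than the magic is fixed by the first bytes. Returns (type, key, plaintext)
    or None. An unencrypted appended archive comes back with key b'\\x00'."""
    for name, magic in ARCHIVE_MAGICS.items():
        if len(ct) < len(magic):
            continue
        for klen in range(1, len(magic) + 1):
            key = bytes(ct[i] ^ magic[i] for i in range(klen))
            # The remaining magic bytes must agree with the candidate key.
            if not all(ct[i] ^ key[i % klen] == magic[i] for i in range(klen, len(magic))):
                continue
            pt = xor_bytes(ct, key)
            if name == "zip" and not _valid_zip(pt):
                continue
            return name, key, pt
    return None


def scan_image(blob: bytes) -> dict:
    """Report whether a PNG carries a trailing (possibly XOR-encrypted) archive."""
    tail = png_trailing_data(blob)
    if not tail:
        return {"suspicious": False}
    result = {"suspicious": True, "trailing_bytes": len(tail),
              "archive": None, "key": None, "members": []}
    hit = recover_xor_archive(tail)
    if hit:
        name, key, pt = hit
        result.update(archive=name, key=key)
        if name == "zip":
            with zipfile.ZipFile(io.BytesIO(pt)) as zf:
                result["members"] = zf.namelist()
    return result


if __name__ == "__main__":
    print(scan_image(build_sample_polyglot(b"MZ" + b"\x90" * 64, b"k3y")))
    print(scan_image(minimal_png()))
```

Any bytes after IEND are reported as suspicious even when no key is recovered, since a clean PNG ends at IEND; keys longer than the archive magic, or schemes other than repeating XOR, fall outside what this known-plaintext step can recover.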
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
exfiltrate
exfiltration/infiltration toolkit