Beast code in Giters

Conor Richard's repositories

manual-syscall-detect

A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

Language:C++MIT97 6 1

SysWhispers2

AV/EDR evasion via direct system calls.

Language:AssemblyApache-2.097 20

atomiccaldera

A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.

Language:PythonGPL-3.072 100

Useful-BloodHound-Queries

A collection of Neo4j/BloodHound queries to collect interesting information.

MIT45 30

SessionHound

A pair of scripts to import session and local group information that has been collected from alternate data sources into BloodHound's Neo4j database.

Language:PythonMIT19 30

compressedCredBandit

A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.

Language:C18 2 1

SharpMailBOF

A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.

Language:C#14 20

shellcode-learning

Working repository to store shellcode I am using to learn.

Language:Assembly10 20

Python-Exploit-Snippets

A collection of Python code snippets to aid in the authoring of Python Based PoCs.

Language:Python6 20

xenoscr.github.io

Conor Richard's (@xenoscr) GitHub.io Blog content

Language:SCSSMIT2 20

Advanced-Process-Injection-Workshop

Language:C++010

AlternativeShellcodeExec

Alternative Shellcode Execution Via Callbacks

Language:C++MIT000

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:PowerShellMIT000

Creality-Ender-3-Max-Marlin-Configuration

Marlin configuration files for the Creality Ender 3 Max with a BL-Touch.

020

DetectionLab-XenosCR

Automate the creation of a lab environment complete with security tooling and logging best practices

Language:HTMLMIT010

EDRs

Language:C010

experiments

Expriments

Language:Python010

lab-scripts

Some scripts I use to help speed up lab machine setups.

Language:ShellMIT020

loadlibrary

Porting Windows Dynamic Link Libraries to Linux

Language:CGPL-2.0000

LOLBAS-1

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language:XSLTGPL-3.0010

LOLBAS-old

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language:XSLT020

NetUser

使用windows api添加用户，可用于net无法使用时.分为nim版，c++版本，RDI版，BOF版。

Language:C++010

Proxy-Function-Calls-For-ETwTI

The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/

Language:CGPL-3.0000

qmk_firmware

Open-source keyboard firmware for Atmel AVR and Arm USB families

Language:CGPL-2.0000

SharpUnhooker

C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)

Language:C#010

shellcode-odzhan

Shellcodes for Windows/Linux/BSD running on x86, AMD64, ARM, ARM64

Language:C000

threaded-bucket-finder

A python script to find S3 Buckets for penetration testing or other engagements.

Language:Python010

tri-a-gen

Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.

Language:Python010

wowGrail

PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)

Language:C++GPL-3.0010

YubiKey-Guide

Guide to using YubiKey for GPG and SSH

Language:ShellMIT000