八〇六's starred repositories
goproxy
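🔥 Proxy is a high performance HTTP(S), SOCKS5, WebSocket, TCP and UDP proxy server implemented in golang. Now, it supports chain-style proxies, NAT forwarding in different LANs, TCP/UDP port forwarding, SSH forwarding. Proxy is a high-performance HTTP, HTTPS, WebSocket, TCP and SOCKS5 proxy server implemented in golang; it supports intranet penetration, chained proxies, communication encryption, smart HTTP and SOCKS5 proxying, blacklists and whitelists, rate limiting, traffic limiting, connection-count limiting, cross-platform use, KCP, and an authentication API.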
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
steganography
Simple C++ Image Steganography tool to encrypt and hide files inside images using Least-Significant-Bit encoding.
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
FilelessPELoader
Loading a remote AES-encrypted PE in memory, decrypting it and running it
HWSyscalls
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
PipeViewer
A tool that shows detailed information about named pipes in Windows
windows-powershell-docs
This repo is used to contribute to Windows 10, Windows Server 2016, and MDOP PowerShell module documentation.
JNDInjector
A highly customizable JNDI and Java deserialization exploitation tool
BofAllTheThings
Creating a repository with all public Beacon Object Files (BoFs)
sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
NTDLLReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table
CVE-2023-21608
Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit
RpcInvestigator
Exploring RPC interfaces on Windows
serviceDetector
Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.
Proxy-DLL-Loads
The code is a pingback to the Dark Vortex blog:
CVE-2022-44666
Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released in December 2022.
CreateRemoteThreadPlus
CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.