zmkeh's repositories
Akame-Loader
Akame is an open-source, UD shellcode loader written in C++17.
APTRS-
Automated Penetration Testing Reporting System (automated penetration test reports)
awesome-bootkit
Bootkits
ClangTest
llvm driver+exe clang
Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
CVE-2022-39197
CobaltStrike <= 4.7.1 RCE
DCMB
Don't Call Me Back - Dynamic kernel callback resolver.
DeleteShadowCopies
Deleting Shadow Copies In Pure C++
DLLirant
DLLirant is a tool to automate DLL hijacking research on a specified binary (automated DLL hijacking).
DragonCastle
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
EC
open-source cheat / penetration test for anti-cheats
ErebusGate
ErebusGate for Nim Bypass AV/EDR
KeeFarceReborn
A standalone DLL that exports databases in cleartext once injected in the KeePass process.
Kernel-Cactus
It's pointy and it hurts!
KittyStager
KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to have a web server and some kittens and be able to use them with any shellcode.
malware-souk
Collaborative malware exchange repository.
ovpn-dco-win
OpenVPN Data Channel Offload driver for Windows
PatchThatAMSI
This repo contains 6 AMSI patches. Both force the triggering of a conditional jump inside AmsiOpenSession() that closes the AMSI scanning session: the 1st patch by corrupting the AMSI context header, and the 2nd patch by changing the string "AMSI" that will be compared to the AMSI context header to "D1RK". The others just set ZF to 1.
RePulsar
SMB-backdoor implementation
RwxMeme
State of the art DLL injector that took 20 minutes to make
ScreenshotBOF
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
siphon
⚗️ Intercept stdin/stdout/stderr for any process (Linux: intercept process input and output)
Spartacus
Spartacus DLL Hijacking Discovery Tool (automated DLL hijacking)
SSN_Resolver
dynamically resolving System Service Number (syscall number) by offsets from the PEB with API hashing
stager_libpeconv
A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
StopDefender
Stop Windows Defender programmatically
windowskernelprogrammingbook
The Windows Kernel Programming book samples