GoPurple This project is a simple collection of various shellcode injection techniques, aiming to streamline the process of endpoint detection evaluation, besides challenging myself to get into the Golang world....
masm_shc A helper utility for creating shellcodes. Cleans MASM file generated by MSVC gives refactoring hints. demos Examples of the code to be refactored to shellcode: popup.cpp – a simple...
GRAT2 GRAT2 is a Command and Control (C2) tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Current Features: Evasion...
PEzor an Open-Source PE Packer The phases of the development that will be described in detail are: set up the development environment with Mingw-w64 and LLVM shellcode injection with syscall inlining via NTDLL...
PetaQ PetaQ is a malware which is being developed in .NET Core/Framework to use websockets as Command & Control (C2) channels. It’s designed to provide a Proof of Concept (PoC)...
Abusing Kerberos Resource-Based Constrained Delegation This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is...
WMIHACKER(No need 445 Port) Bypass anti-virus software lateral movement command execution test tool(No need 445 Port) Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or...
CrossC2 framework – Generator CobaltStrike’s cross-platform beacon CrossC2 framework is a security framework for enterprises and Red Team personnel supports CobaltStrike’s penetration testing of other platforms (Linux / MacOS /...
ddoor cross-platform backdoor using dns txt records What is ddor? ddor is a cross-platform lightweight backdoor that uses txt records to execute commands on infected machines. Features Allows a single...
artifacts kit Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS. The artifact kit allows the user to...
Exploitation / Reverse Engineering
by do son · Published August 14, 2020 · Last modified May 1, 2024
Telemetry Sourcerer Telemetry Sourcerer can enumerate and disable common sources of telemetry used by AV/EDR on Windows. Red teamers and security enthusiasts can use this tool in a lab environment...
pe_to_shellcode Converts PE so that it can be then injected just like a normal shellcode. (At the same time, the output file remains to be a valid PE). Supports both...
Social Engineering Using “Hidden” Macros In Excel You may ask why not simply use code that doesn’t actually touch the workbook and the main reason why is to avoid network...
dropengine Malleable payload generation framework. Install git clone https://github.com/s0lst1c3/dropengine.git python3.7 -m venv venv source venv/bin/activate Use Constructing a Basic Payload Module Selection DropEngine accepts a list of module names from...
Mistica Mística is a tool that allows us to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into...
Support Securityonline.info site. Thanks!
