Category: Exploitation

DLL Hijacking Discovery Tool

Spartacus v2.2 releases: DLL Hijacking Discovery Tool

Spartacus DLL Hijacking: Spartacus uses the SysInternals Process Monitor and parses raw PML log files. You can leave ProcMon running for hours and discover 2nd- and 3rd-level (i.e., an app that loads another...

boofuzz

boofuzz v0.4.2 releases: Network Protocol Fuzzing for Humans

boofuzz: Network Protocol Fuzzing for Humans. It is a fork of, and the successor to, the venerable Sulley fuzzing framework. Besides numerous bug fixes, it aims for extensibility. The goal: fuzz everything. Features: Like Sulley, boofuzz...

memory PE loading

HeaderLessPE: memory PE loading technique

HeaderLessPE: HeaderLessPE is a memory PE loading technique used by the IcedID Trojan. Based on this technique, we propose a new form of fileless attack using HVNC. This enhancement allows injecting HeaderLessPE into...

shellcode encryption tool

Supernova v1.0 releases: shellcode encryption tool

Supernova: Supernova is an open-source Golang tool that lets users encrypt their raw shellcode. Additionally, it offers automatic conversion of the encrypted shellcode into formats compatible with various programming languages, including: C...

Windows containers framework

ContainYourself: abuses the Windows containers framework to bypass EDRs

ContainYourself: A PoC of the ContainYourself research, presented at DEF CON 31. This tool abuses the Windows containers framework to bypass EDR file-system-based malware protection, file write restrictions, and ETW-based correlations. This repo contains a static...