
h0n3yb's Projects

aceldr

Cobalt Strike UDRL for memory scanner evasion.

adreaper

A fast enumeration tool for Windows Active Directory Pentesting written in Go

bflat

C# as you know it but with Go-inspired tooling (small, self-contained, and native executables)

busysleepbeacon

This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built-in Sleep() call. Most of the structure (e.g. Sleep hook, shellcode exec, etc.) is taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.

creadmemory

Read Memory without ReadProcessMemory for Current Process

deepsleep

A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC

doge-gabh

GetProcAddressByHash/remap/full dll unhooking/Hell's Gate/Tartarus' Gate/RecycledGate/universal/Perun's Fart golang implementation

doppelgate

DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userland Hooking.

driploader

Evasive shellcode loader for bypassing event-based injection detection (PoC)

etwti-syscall-hook

A simple program to hook the current process to identify manual syscall executions on Windows

foliage

Experiment on reproducing Obfuscate & Sleep

herpaderply_hollowing

Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping

inceptor

Template-Driven AV/EDR Evasion Framework

mortar

Evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

nim-halosgate-injector

Shellcode Injector that obtains system call opcodes using the Halo's Gate method to evade EDR Hooks.

nimlinewhispers

A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.

peloader

PE loader with various shellcode injection techniques

ppid-spoofing

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwriting ntdll:LdrInitializeThunk with shellcode.

ppldump

Dump the memory of a PPL with a userland exploit

pr0cess

Some gadgets about Windows processes, ready to use :)
