0xTriboulet / ZeroTotal
A collection of source code, binaries, and compilation scripts designed to bypass detection
☆25Updated last year
Related projects: ⓘ
- Slide decks and/or materials from conference presentations☆55Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆74Updated 10 months ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆87Updated last year
- malleable profile generator GUI for Havoc☆53Updated last year
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.☆56Updated 11 months ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- ☆68Updated this week
- ShellcodeFluctuation PoC ported to Nim☆72Updated last year
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated last year
- This repo hosts a poc of how to execute F# code within an unmanaged process☆64Updated 2 months ago
- A quick example of the Hells Gate technique in Nim☆93Updated 3 years ago
- Find .net assemblies locally☆85Updated last year
- Python module for running BOFs☆63Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- Red Team Operation's Defense Evasion Technique.☆50Updated 3 months ago
- ☆68Updated last year
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆37Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆77Updated last year
- Just another ntdll unhooking using Parun's Fart technique☆70Updated last year
- ☆57Updated 9 months ago
- PoC-Malware-TTPs☆48Updated last year
- ☆101Updated 4 months ago
- Rewrote HellsGate in C# for fun and learning☆83Updated 2 years ago
- Reasonably undetected shellcode stager and executer.☆34Updated last week
- ☆70Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆60Updated last year
- ☆47Updated last year
- ☆67Updated 10 months ago
- ☆65Updated this week