Cerbersec / notesLinks
Resources and articles I need to take a look at. Mostly about malware/exploit development and analysis.
☆83Updated 3 years ago
Alternatives and similar repositories for notes
Users that are interested in notes are comparing it to the libraries listed below
Sorting:
- POC for frustrating/defeating Malware Analysts☆156Updated 3 years ago
- ☆113Updated 3 years ago
- Bypass Malware Time Delays☆103Updated 2 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- Do some DLL SideLoading magic☆86Updated last year
- A fake AMSI Provider which can be used for persistence.☆151Updated 4 years ago
- It's pointy and it hurts!☆126Updated 2 years ago
- A technique of hiding malicious shellcode via Shannon encoding.☆258Updated 2 years ago
- Infect Shared Files In Memory for Lateral Movement☆194Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep☆146Updated 4 years ago
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆137Updated 2 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆87Updated 3 years ago
- Evasive Process Hollowing Techniques☆142Updated 5 years ago
- ☆165Updated last year
- ☆108Updated 2 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Updated 3 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆169Updated 2 years ago
- Finding secrets in kernel and user memory☆116Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆103Updated 3 years ago
- Windows internals and exploitation tricks☆105Updated 2 months ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆194Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆158Updated 4 years ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆120Updated last year
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- A small project to bypass UAC in windows 10/8/7 using dll injection technique☆74Updated 5 years ago
- Windows APT Warfare, published by Packt☆72Updated 2 years ago