JanielDary / ELFieScanner
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
☆72Updated 4 months ago
Related projects: ⓘ
- ☆98Updated 7 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆38Updated 4 years ago
- Presentation materials for my Black Hat USA 2022 Briefing and Arsenal talks☆64Updated 2 years ago
- ☆34Updated 5 months ago
- Small toolkit for extracting information and dumping sensitive strings from Windows processes☆109Updated 2 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆136Updated last month
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆64Updated 3 weeks ago
- ROPDump is a command-line tool designed to analyze binary executables for potential Return-Oriented Programming (ROP) gadgets, buffer ove…☆80Updated 4 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆92Updated 5 months ago
- BSides Prishtina 2024 Malware Development and Persistence workshop☆51Updated last month
- HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems.☆56Updated 2 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust☆79Updated 5 months ago
- ☆55Updated last year
- ☆36Updated 7 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆139Updated 4 months ago
- Monarch - The Adversary Emulation Toolkit☆57Updated 8 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆77Updated 7 months ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆80Updated last year
- ☆49Updated 10 months ago
- ☆35Updated 9 months ago
- ☆121Updated last month
- ☆155Updated 10 months ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆109Updated 11 months ago
- Retrieve inner payloads from Donut samples☆79Updated 7 months ago
- This repositery contains the slides, sometimes videos, and materials of my talks.☆25Updated last month
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆43Updated 3 months ago
- information about ransomware groups (Ransomware Analysis Notes)☆36Updated 8 months ago
- ☆105Updated last year
- Local & remote Windows DLL Proxying☆158Updated 3 months ago
- badger-builder is an AI-assisted tool for generating dynamic Brute Ratel C4 profiles☆53Updated 2 months ago