Nariod / ronflex
Attempts to suspend all known AV/EDR processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.
☆13 Updated last year
Related projects
Alternatives and complementary repositories for ronflex
- Rust Implementation of SharpDllProxy for DLL Proxying Technique ☆28 Updated 2 years ago
- Working repo used to experiment with various languages as it relates to offensive security & evasion. ☆30 Updated 5 months ago
- ☆47 Updated last year
- A collection of random small Aggressor snippets that don't warrant their own repo ☆23 Updated last year
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats. ☆43 Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#. ☆30 Updated last year
- ShootCutMe, an .LNK file creator tool for red teamers ☆14 Updated last month
- Items related to the RedELK workshop given at security conferences ☆27 Updated last year
- ☆46 Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆80 Updated last year
- A lightweight HTTP/HTTPS reverse proxy for efficient, policy-based traffic filtering and redirection. ☆40 Updated last year
- in-process powershell runner for BRC4 ☆37 Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆66 Updated last year
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc… ☆50 Updated last year
- PhantomsGate: Advanced Shellcode Injection Technique ☆24 Updated 4 months ago
- Reasonably undetected shellcode stager and executer. ☆35 Updated 2 months ago
- ☆16 Updated last month
- ☆24 Updated 3 years ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe ☆13 Updated 11 months ago
- Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic lo… ☆25 Updated last year
- A repository with my code snippets for research/education purposes. ☆50 Updated last year
- A third-party Gopher Assassin for the Havoc Framework. ☆44 Updated 10 months ago
- Create PDFs with HTML smuggling attachments that save on opening the document. ☆27 Updated last year
- Code Execution & Persistence in NETWORK SERVICE FAX Service ☆31 Updated 2 years ago
- ProcExp Driver (Ab)use ☆20 Updated last year
- Proof of Concept Exploit for CVE-2024-9465 ☆25 Updated last month
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆81 Updated last year
- Just another ntdll unhooking using Perun's Fart technique ☆72 Updated last year
- load dumped csharp binaries as assemblies and launch them in memory ☆26 Updated 9 months ago