PaulNorman01 / Forensia
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
☆758Updated last year
Alternatives and similar repositories for Forensia:
Users that are interested in Forensia are comparing it to the libraries listed below
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,176Updated last year
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques.☆806Updated 10 months ago
- AV/EDR Evasion Lab for Training & Learning Purposes☆1,242Updated this week
- sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment☆729Updated 2 weeks ago
- Sandman is a NTP based backdoor for red team engagements in hardened networks.☆787Updated last year
- ☆707Updated last year
- Real fucking shellcode encryptor & obfuscator tool☆853Updated 3 weeks ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆915Updated 10 months ago
- kill anti-malware protected processes ( BYOVD) ( Microsoft Won)☆938Updated last year
- PowerShell Ransomware Simulator with C2 Server☆483Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,651Updated 6 months ago
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆533Updated last month
- a tool to help operate in EDRs' blind spots☆730Updated 5 months ago
- Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in…☆512Updated 9 months ago
- Because AV evasion should be easy.☆716Updated 5 months ago
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power…☆746Updated last month
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆967Updated last year
- 🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific…☆550Updated last week
- Simulate the behavior of AV/EDR for malware development training.☆521Updated last year
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,218Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆675Updated last month
- A light-weight first-stage C2 implant written in Nim (and Rust).☆876Updated last month
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆590Updated 10 months ago
- MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.☆258Updated last year
- Useful C2 techniques and cheatsheets learned from engagements☆502Updated last month
- MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.☆515Updated 2 weeks ago
- ☆469Updated 5 months ago
- Dump cookies and credentials directly from Chrome/Edge process memory☆1,185Updated 5 months ago
- Loading Remote AES Encrypted PE in memory , Decrypted it and run it☆932Updated last year
- Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".☆658Updated last year