WithSecureLabs / lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
☆341Updated 10 months ago
Alternatives and similar repositories for lolcerts:
Users that are interested in lolcerts are comparing it to the libraries listed below
- The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.☆291Updated last year
- A repository of credential stealer formats☆193Updated last month
- ☆185Updated last year
- Nuke It From Orbit - remove AV/EDR with physical access☆254Updated 2 months ago
- AV/EDR Evasion Lab for Training & Learning Purposes☆1,152Updated this week
- Venom is a library that meant to perform evasive communication using stolen browser socket☆375Updated last year
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆167Updated this week
- Analyse your malware to surgically obfuscate it☆452Updated last month
- The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).☆356Updated this week
- ☆206Updated 3 weeks ago
- ☆530Updated 10 months ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆255Updated 6 months ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆715Updated last year
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆782Updated this week
- A delicious, but malicious SSL-VPN server 🌮☆205Updated 2 months ago
- a tool to help operate in EDRs' blind spots☆706Updated 2 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆118Updated 3 weeks ago
- Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls☆359Updated 4 months ago
- Simulate the behavior of AV/EDR for malware development training.☆461Updated last year
- Because AV evasion should be easy.☆666Updated 2 months ago
- An ADCS honeypot to catch attackers in your internal network.☆280Updated 7 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆628Updated 4 months ago
- Aims to identify sleeping beacons☆564Updated 2 months ago
- Patching "signtool.exe" to accept expired certificates for code-signing.☆273Updated 7 months ago
- A tool to find folders excluded from AV real-time scanning using a time oracle☆231Updated last year
- Free training course offered at Hack Space Con 2023☆137Updated last year
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆173Updated last year
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆191Updated last month
- Python tool to check rootkits in Windows kernel☆192Updated 2 weeks ago
- ☆338Updated last year