A collection of projects demonstrating various commandline cloaking techniques on Linux
☆61Aug 4, 2022Updated 3 years ago
Alternatives and similar repositories for commandline_cloaking
Users that are interested in commandline_cloaking are comparing it to the libraries listed below
Sorting:
- A CLI tool for leveraging IDP signing keys to impersonate users and groups☆19Apr 1, 2021Updated 4 years ago
- ☆17Sep 10, 2021Updated 4 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed depend…☆18Nov 3, 2021Updated 4 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Collection of Slides From My Conference Talks☆20Nov 21, 2022Updated 3 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- pam_python is a PAM module that runs the Python interpreter, and so allows PAM modules to be written in Python.☆22Apr 24, 2020Updated 5 years ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- Provides an easy way to collect and send Slack access & integration logs.☆13Oct 19, 2021Updated 4 years ago
- Discover which process execute a hunted binary inside macOS☆27Dec 15, 2021Updated 4 years ago
- Shell wrapper with keylogger (local log or syslog)☆13Nov 1, 2017Updated 8 years ago
- 🦈 Prometheus exporter for pcap metrics☆16Feb 15, 2023Updated 3 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp☆14Mar 11, 2022Updated 3 years ago
- A list of backdoor samples I find online.☆13Dec 16, 2019Updated 6 years ago
- Execute MachO binaries in memory using CGo☆79May 24, 2021Updated 4 years ago
- Various utilities useful for developers writing BPF tools☆31Apr 12, 2023Updated 2 years ago
- ☆12Apr 7, 2022Updated 3 years ago
- A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.☆62Jun 2, 2018Updated 7 years ago
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…☆15Dec 3, 2020Updated 5 years ago
- Some simple scripts for decrypting passwords retrieved from a Manage Engine OpManager installation☆11Jan 28, 2016Updated 10 years ago
- A collection of pen-testing/hacking scripts. Various uses.☆13Oct 24, 2020Updated 5 years ago
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆13Sep 28, 2023Updated 2 years ago
- Simple stacking window manager for X11☆11Aug 26, 2020Updated 5 years ago
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆34Apr 15, 2021Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆18May 28, 2024Updated last year
- #️⃣ 🕸️ 👤 HTTP Headers Hashing☆13Aug 27, 2023Updated 2 years ago
- Work with the AWS IP address ranges in native Python.☆13Sep 21, 2023Updated 2 years ago
- Exploring different process injection techniques based on malware analysis☆14Dec 28, 2023Updated 2 years ago
- php decrypt environment for study☆17Jan 10, 2024Updated 2 years ago
- Various implementations for C# in memory execution. Assembly.Load() Assembly.LoadFile() AppDomain.ExecuteAssembly()☆34Feb 10, 2021Updated 5 years ago
- A library to parse macOS LoginItems☆18Aug 28, 2022Updated 3 years ago
- Swift code to programmatically perform dylib injection☆52Oct 29, 2022Updated 3 years ago
- Rules Shared by the Community from 100 Days of YARA 2023 -☆18Apr 10, 2023Updated 2 years ago
- POC for a basic C2 server using the python aiohttp framework☆15Mar 22, 2020Updated 5 years ago