volexity / donut-decryptor
Retrieve inner payloads from Donut samples
☆107 Updated last year
Alternatives and similar repositories for donut-decryptor
Users that are interested in donut-decryptor are comparing it to the libraries listed below
- Windows Persistence IT-Security ☆104 Updated 6 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆122 Updated this week
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared ☆88 Updated last year
- Local & remote Windows DLL Proxying ☆165 Updated last year
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆140 Updated last year
- ☆120 Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … ☆103 Updated 5 months ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers. ☆105 Updated last year
- Detect EDR's exceptions by inspecting processes' loaded modules ☆130 Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue ☆105 Updated last year
- Blog/Journal on how to backdoor VSCode extensions ☆73 Updated last month
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. ☆218 Updated last month
- ☆87 Updated 2 years ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆141 Updated last month
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆235 Updated 3 weeks ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆160 Updated last year
- Payload encoding utility to effectively lower payload entropy. ☆119 Updated 5 months ago
- Enumerate active EDRs on the system ☆105 Updated 3 weeks ago
- ☆105 Updated last year
- ☆157 Updated 9 months ago
- Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f… ☆291 Updated 2 weeks ago
- Find DLLs with RWX section ☆81 Updated 2 years ago
- POC of GITHUB simple C2 in rust ☆52 Updated last month
- .NET tool used to enrich RPC telemetry ☆100 Updated 3 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆192 Updated 9 months ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. ☆22 Updated last week
- Identifies bad bytes from static analysis with any Anti-Virus scanner. ☆128 Updated last year
- Select any exported function in a dll as the new dll's entry point. ☆82 Updated 10 months ago
- Command and Control (C2) framework ☆131 Updated 4 months ago
- A collection of tools and detections for the Sliver C2 Framework ☆129 Updated 2 years ago