volexity / donut-decryptorLinks
Retrieve inner payloads from Donut samples
☆110Updated last year
Alternatives and similar repositories for donut-decryptor
Users that are interested in donut-decryptor are comparing it to the libraries listed below
Sorting:
- Windows Persistence IT-Security☆106Updated 7 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆130Updated this week
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆105Updated last year
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆88Updated 2 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆100Updated 7 months ago
- ☆119Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆206Updated 10 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆165Updated last year
- Tools for analyzing EDR agents☆265Updated last year
- Local & remote Windows DLL Proxying☆165Updated last year
- Enumerate active EDR's on the system☆139Updated last month
- ☆87Updated 2 years ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆105Updated last year
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆107Updated 8 months ago
- ☆158Updated 10 months ago
- Finding secrets in kernel and user memory☆115Updated 2 years ago
- A collection of tools and detections for the Sliver C2 Frameworj☆131Updated 2 years ago
- Payload encoding utility to effectively lower payload entropy.☆119Updated 6 months ago
- Identifies bad bytes from static analysis with any Anti-Virus scanner.☆129Updated last year
- ETW based POC to identify direct and indirect syscalls☆187Updated 2 years ago
- .NET tool used to enrich RPC telemetry☆99Updated 4 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆244Updated last month
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆193Updated 11 months ago
- Blog/Journal on how to backdoor VSCode extensions☆74Updated 3 months ago
- ☆80Updated last year
- ☆108Updated 11 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆93Updated last month
- Command and Control (C2) framework☆132Updated 5 months ago
- ☆194Updated last year