volexity / donut-decryptor
Retrieve inner payloads from Donut samples
☆95 Updated last year
Alternatives and similar repositories for donut-decryptor:
Users that are interested in donut-decryptor are comparing it to the libraries listed below
- Windows Persistence IT-Security ☆97 Updated last month
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS ☆140 Updated 2 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆147 Updated 11 months ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared ☆89 Updated last year
- Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning ☆129 Updated 4 months ago
- Identifies bad bytes from static analysis with any Anti-Virus scanner. ☆124 Updated 9 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … ☆102 Updated last month
- Adversary Emulation Framework ☆98 Updated 9 months ago
- 🔥📜 Forbidden collection of Red Team sorcery 📜🔥 ☆97 Updated last week
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆187 Updated 4 months ago
- Tool for viewing NTDS.dit ☆155 Updated last month
- PoC for dumping and decrypting cookies in the latest version of Microsoft Teams ☆132 Updated last year
- ☆117 Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆75 Updated last year
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat… ☆164 Updated last week
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle… ☆114 Updated 11 months ago
- A collection of tools and detections for the Sliver C2 Framework ☆123 Updated 2 years ago
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies ☆118 Updated 10 months ago
- Find DLLs with RWX section ☆79 Updated last year
- Detect EDR's exceptions by inspecting processes' loaded modules ☆129 Updated last year
- ☆181 Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post ☆89 Updated 10 months ago
- A BOF to enumerate system process, their protection levels, and more. ☆115 Updated 4 months ago
- I have documented all of the AMSI patches that I learned till now ☆71 Updated last month
- Find .net assemblies locally ☆111 Updated 2 years ago
- Stage 0 ☆156 Updated 4 months ago
- Port of Cobalt Strike's Process Inject Kit ☆173 Updated 4 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆141 Updated 9 months ago
- Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking. ☆57 Updated 2 years ago
- A C# port from Invoke-GhostTask ☆114 Updated last year