volexity / donut-decryptorLinks
Retrieve inner payloads from Donut samples
☆116Updated last month
Alternatives and similar repositories for donut-decryptor
Users that are interested in donut-decryptor are comparing it to the libraries listed below
Sorting:
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆107Updated last year
- Windows Persistence IT-Security☆109Updated 10 months ago
- ☆119Updated last year
- ☆159Updated last year
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆105Updated 2 years ago
- Finding secrets in kernel and user memory☆116Updated 2 years ago
- Local & remote Windows DLL Proxying☆169Updated last year
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆138Updated this week
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆89Updated 2 years ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆207Updated last year
- Tools for analyzing EDR agents☆276Updated last year
- A collection of tools and detections for the Sliver C2 Frameworj☆133Updated 2 years ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆139Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆153Updated 5 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆102Updated 9 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆167Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆319Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆194Updated last year
- ☆105Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆123Updated last year
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆256Updated 3 months ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆130Updated last year
- ☆89Updated 2 years ago
- Identifies bad bytes from static analysis with any Anti-Virus scanner.☆128Updated last year
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆104Updated 4 months ago
- ☆108Updated last year
- Payload encoding utility to effectively lower payload entropy.☆122Updated 9 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆149Updated last year
- ETW based POC to identify direct and indirect syscalls☆190Updated 2 years ago
- Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…☆324Updated 3 months ago