volexity / donut-decryptor
Retrieve inner payloads from Donut samples
☆79 · Updated 7 months ago
Related projects:
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities. ☆64 · Updated 3 weeks ago
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies ☆110 · Updated 3 months ago
- Monarch - The Adversary Emulation Toolkit ☆57 · Updated 8 months ago
- Living Off the Foreign Land setup scripts ☆61 · Updated last month
- Example code samples from our ScriptBlock Smuggling Blog post ☆80 · Updated 3 months ago
- ☆98 · Updated 7 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust ☆79 · Updated 5 months ago
- Microsoft Graph API post-exploitation toolkit ☆90 · Updated 2 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆77 · Updated 7 months ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers. ☆83 · Updated 8 months ago
- ☆101 · Updated 4 months ago
- Abuse Azure API permissions for red teaming ☆55 · Updated last year
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\, that contains the implant's path, and whenever powershell pro… ☆84 · Updated last year
- Local & remote Windows DLL Proxying ☆158 · Updated 3 months ago
- ☆67 · Updated 10 months ago
- Find .net assemblies locally ☆85 · Updated last year
- Lifetime AMSI bypass. ☆35 · Updated 2 months ago
- Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later ☆88 · Updated last year
- ☆105 · Updated 3 years ago
- Source code and examples for PassiveAggression ☆54 · Updated 3 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆81 · Updated 3 weeks ago
- Find DLLs with RWX section ☆74 · Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 · Updated 9 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve ☆72 · Updated last month
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft ☆50 · Updated 4 months ago
- ☆72 · Updated 4 months ago
- Decrypt GlobalProtect configuration and cookie files. ☆74 · Updated last week
- ☆70 · Updated last year
- ☆62 · Updated last month
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆69 · Updated 7 months ago