MemshellKit: highly customized memory shell one-click injection tool for multiple frameworks
https://github.com/W01fh4cker/MemshellKit
https://github.com/W01fh4cker/MemshellKit
MultiDump: is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python
https://github.com/Xre0uS/MultiDump
https://github.com/Xre0uS/MultiDump
NativeThreadpool: Worker and timer callback example using solely Native Windows APIs
https://github.com/fin3ss3g0d/NativeThreadpool
https://github.com/fin3ss3g0d/NativeThreadpool
Tumblr Subdomain Takeover
https://infosecwriteups.com/tumblr-subdomain-takeover-55f9cb494d65
JSON Smuggling: A far-fetched intrusion detection evasion technique
https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
https://infosecwriteups.com/tumblr-subdomain-takeover-55f9cb494d65
JSON Smuggling: A far-fetched intrusion detection evasion technique
https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
Puckungfu 2: Another NETGEAR WAN Command Injection
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection
HijackLoader Expands Techniques to Improve Defense Evasion
https://www.crowdstrike.com/blog/hijackloader-expands-techniques
https://www.crowdstrike.com/blog/hijackloader-expands-techniques
BadExclusionsNWBO: is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
https://github.com/iamagarre/BadExclusionsNWBO
https://github.com/iamagarre/BadExclusionsNWBO
GoCheck: a blazingly fast alternative to Matterpreter's DefenderCheck which identifies the exact bytes that Windows Defender AV by feeding byte slices to MpCmdRun.exe
https://github.com/gatariee/gocheck
https://github.com/gatariee/gocheck
lolcerts: A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
https://github.com/WithSecureLabs/lolcerts
https://github.com/WithSecureLabs/lolcerts
Collection of notes, useful resources, list of tools and scripts related to Threat Detection & Incident Response
https://github.com/Jean-Francois-C/Threat-Detection-and-Incident-Response
https://github.com/Jean-Francois-C/Threat-Detection-and-Incident-Response
NidhoggScript: is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
https://github.com/Idov31/NidhoggScript
https://github.com/Idov31/NidhoggScript
WERPersistence: This repository showcases a method that ingeniously exploits Windows Error Reporting (WER) for the purpose of stealthy data persistence and evasion. By embedding malicious payloads within WER reports
https://github.com/0xHossam/WERPersistence
https://github.com/0xHossam/WERPersistence
A Beginner’s Guide to Tracking Malware Infrastructure
https://censys.com/a-beginners-guide-to-tracking-malware-infrastructure
https://censys.com/a-beginners-guide-to-tracking-malware-infrastructure
APT29’s Attack on Microsoft: Tracking Cozy Bear’s Footprints
https://www.cyberark.com/resources/blog/apt29s-attack-on-microsoft-tracking-cozy-bears-footprints
https://www.cyberark.com/resources/blog/apt29s-attack-on-microsoft-tracking-cozy-bears-footprints
Real profit
WERPersistence: This repository showcases a method that ingeniously exploits Windows Error Reporting (WER) for the purpose of stealthy data persistence and evasion. By embedding malicious payloads within WER reports https://github.com/0xHossam/WERPersistence
WERPersistence.zip
365.6 KB
Leveraging Windows Error Reporting (WER) for Stealthy Data Persistence & Evasion
https://github.com/Mmo23/WERPersistence
https://github.com/Mmo23/WERPersistence
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
Bypassing EDRs With EDR-Preloading
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload
Reflective DLL got Indirect Syscall skills
https://oldboy21.github.io/posts/2024/02/reflective-dll-got-indirect-syscall-skills
https://oldboy21.github.io/posts/2024/02/reflective-dll-got-indirect-syscall-skills
Real profit
Bypassing EDRs With EDR-Preloading https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload
EDR-Preloader: An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
https://github.com/MalwareTech/EDR-Preloader
https://github.com/MalwareTech/EDR-Preloader
MDE-Tester: is designed to help testing various features in Microsoft Defender for Endpoint
https://github.com/LearningKijo/MDEtester
https://github.com/LearningKijo/MDEtester
Dump cookies directly from Chrome process memory
https://github.com/Meckazin/ChromeKatz
https://github.com/Meckazin/ChromeKatz