Stars
My Notes about Penetration Testing
Documents Exfiltration project for fun and educational purposes
Apple BLE proximity pairing message spoofing
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
PowerJoker is a Python program which generates a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
Finds the Domain Controller on a network, enumerates users, AS-REP Roasting and hash cracking, brute-forces passwords, dumps AD users, DRSUAPI, scans SMB/NFS shares for passwords, scans for remote access…
A collection of PoCs for different injection techniques on Windows!
Offensive Software Exploitation Course
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table
Another approach to Threadless injection, discovered by @_EthicalChaos_, in C that loads a module into the target process, stomps it, and reverts the memory protections and original memory state
A running list of Windows sources and the related event ids.
Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
Threat Hunting queries in Microsoft 365 Defender, XDR. Provides out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
Code for our DLS'21 paper - BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware. BODMAS is short for Blue Hexagon Open Dataset for Malware AnalysiS.
HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys th…
Create PDFs with HTML smuggling attachments that save on opening the document.
Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing
This map lists the essential techniques to bypass anti-virus and EDR
Anti-Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post-Exploitation Phase.
A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interac…
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…
GPT 3.5/4 with a Chat Web UI. No API key required.
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
Creates a new thread that suspends every other thread and encrypts its stack, then goes to sleep, then decrypts the stacks and resumes the threads