Hunting Queries for Defender ATP

Discover the location of nearby Telegram users 📡🌍

Living Off the Foreign Land setup scripts

application server attack toolkit

Yet Another Memory Analyzer for malware detection

A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.

Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.

PoC implementing heterogenous classifiers for IoT malware detection.

GitHub Data Analysis Framework.

Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

For when DLLMain is the only way

a tool to help operate in EDRs' blind spots

Nuclei templates for honeypots detection.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Syscall Shellcode Loader (Work in Progress)

Generate an obfuscated DLL that will disable AMSI & ETW

Nim-based assembly packer and shellcode loader for opsec & profit

A light-weight first-stage C2 implant written in Nim (and Rust).

GoDumpLsass is a simple tool that can dump lsass without to get caught by Windows Defender.

Process Monitor X v2

Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider

Sysmon-Like research tool for ETW

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.