Stars
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
RunPE adapted for x64 and written in C, does not use RWX
Generic PE loader for fast prototyping evasion techniques
IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
Cobalt Strike BOF that adds a user to localgroup by samr
A high-performance HTTP proxy tunneling tool
Some Rust program I wrote while learning Malware Development
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…
A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
Python PDF Parser (Not actively maintained). Check out pdfminer.six.
Simple good performance byte pattern/PE signature scanner, allowing upwards of 5000MB/s per core (30000+MB/s with AVX) on modern hardware.
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
Use a docx as a jinja2 template
Dump cookies and credentials directly from Chrome/Edge process memory
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Perfect DLL Proxying using forwards with absolute paths.
DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
Hide your P/Invoke signatures through other people's signed assemblies