Stars
A Windows Kernel Driver Emulator based on Unicorn, a Kernel Memory Dump and some of the native environment
Emulate Drivers in RING3 with self context mapping or unicorn
Awesome EDR Bypass Resources For Ethical Hacking
A collection of malware families and malware samples which use the Rust programming language.
A guide to modern exploit development, shellcode, EDR and WAF bypass, and initial Red Team access.
AV/EDR Lab environment setup references to help in Malware development
Stealthy Linux Kernel Rootkit for modern kernels (6x)
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
Load shellcode without P/D Invoke and a VirtualProtect call.
A tiny CTF challenge instancer (with docker backend)
Template-Driven AV/EDR Evasion Framework
Chameleon is a polymorphic engine for x86_64 position independent shellcode that has been created out of the need to evade signature-based detections in red team environments.
A tool to generate a custom code signing certificate chain and generate instructions to sign a binary. Useful for establishing persistence on a penetration test.
Evasive shellcode loader for bypassing event-based injection detection (PoC)
gerhart01 / LiveCloudKd (forked from msuiche/LiveCloudKd)
Hyper-V Research is trendy now
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth.
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
Slides & Code snippets for a workshop held @ x33fcon 2024
Windows protocol library, including SMB and RPC implementations, among others.
A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
