ksanadf Goto Github PK

aceldr

Cobalt Strike UDRL for memory scanner evasion.

avml

AVML - Acquire Volatile Memory for Linux

awesome-linux-rootkits

awesome-linux-rootkits

azazel

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

bokuloader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

bypassantivirus

远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

callstack_spoof

chkrootkit

This program locally checks for signs of a rootkit. 'Forked' to fix false-positive for SucKIT rootkit

cobalt-arsenal

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

dotnettojscript

A tool to create a JScript file which loads a .NET v2 assembly from memory.

elusivemice

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

gobypassav

整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术，并搜集汇总了一些资料和工具。

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

kaynstrike

UDRL for CS

khook

Linux Kernel hooking engine (x86)

kmatryoshka

Matryoshka - stacked LKM loader

lime

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from

lkrg

Linux Kernel Runtime Guard

lsassy

Extract credentials from lsass remotely

malleable-c2-profiles

Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.

mimikatz

A little tool to play with Windows security

msbuild-inline-task

pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

powershell

PowerShell for every system!

powersploit

PowerSploit - A PowerShell Post-Exploitation Framework

profiles

Volatility profiles for Linux and Mac OS X

reflectivedllinjection

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

reptile

LKM Linux rootkit

titanldr

Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.