​​NativeThreadpool

A proof of concept demonstrating how to create a thread pool using solely native Windows APIs to execute a work callback as well as a timer callback using the C programming language.

https://github.com/fin3ss3g0d/NativeThreadpool

#cybersecurity #infosec #pentesting

​​s4killer

This is the source code associated with my blog post on exploiting the probmon.sys Minifilter driver in order to create a process killer.

https://github.com/enkomio/s4killer

#cybersecurity #pentesting #redteam

​​MemshellKit

A highly customized memory shell one-click injection tool for multiple frameworks

https://github.com/W01fh4cker/MemshellKit

#infosec #pentesting #redteam

​​?MSI SearchTo simplify this task, Mandiant’s red team created a Beacon Object File (BOF) and a PowerShell script found in msi_search to read and output relevant metadata for all MSI files cached in C:\Windows\Installer. Using this tool will allow red team operators and security teams to download relevant files to investigate local privilege escalation vulnerabilities through MSI repairs.https://github.com/mandiant/msi-search

Details:https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers

#infosec #pentesting #redteam

​​GIUDA
GET a TGS on behalf of another user without password.

https://github.com/foxlox/GIUDA

#infosec #pentesting #redteam

​​hypobrychiumAV/EDR completely ignore me. Duplicate the token of a running process and run a command.https://github.com/foxlox/hypobrychium

#cve #cybersecurity #infosec

​​LOLAPPSKind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.

https://github.com/LOLAPPS-Project/LOLAPPS

Web:https://lolapps-project.github.io/

#infosec #pentesting #redteam

​​HadesLdrShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.• Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.
• API Hashing by resolving modules & APIs base address from PEB by hashes
• Fileless Chunked RC4 Shellcode retrieving using Winsock2

https://github.com/CognisysGroup/HadesLdr

Details:https://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/

#infosec #pentesting #redteam

​​docleanerA web service to clean #documents from potentially privacy-invasive #metadata.

https://github.com/TUD-CERT/docleaner