Merge branch 'master' of github.com:pe3zx/my-infosec-awesome

2024-06-25 21:22:10 +00:00 · 2021-09-26 17:01:36 +07:00 · 2021-09-26 17:01:36 +07:00 · 491fcfe75f
commit 491fcfe75f
parent 48890a9251 f1c7f8d6a3
2 changed files with 52 additions and 0 deletions
--- a/Offensive.md
+++ b/Offensive.md
@ -361,6 +361,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/knight0x07/ImpulsiveDLLHijack">knight0x07/ImpulsiveDLLHijack</a></td>
        <td>C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/knownsec/shellcodeloader">knownsec/shellcodeloader</a></td>
+        <td>ShellcodeLoader of windows can bypass AV.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/mai1zhi2/SharpBeacon">mai1zhi2/SharpBeacon</a></td>
        <td>CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能</td>
@ -552,6 +556,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/GetRektBoy724/JALSI">GetRektBoy724/JALSI</a></td>
        <td>JALSI - Just Another Lame Shellcode Injector</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/GetRektBoy724/TripleS">GetRektBoy724/TripleS</a></td>
+        <td>Syscall Stub Stealer - Freshly steal Syscall stub straight from the disk</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/GoodstudyChina/APC-injection-x86-x64">GoodstudyChina/APC-injection-x86-x64</a>
        </td>
@ -606,6 +614,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/Moriarty2016/NimRDI">Moriarty2016/NimRDI</a></td>
        <td>RDI implementation in Nim</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/ORCA666/EVA3">ORCA666/EVA3</a></td>
+        <td>using hellsgate in EVA to get the syscalls</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/passthehashbrowns/DInvokeProcessHollowing">passthehashbrowns/DInvokeProcessHollowing</a></td>
        <td>This repository is an implementation of process hollowing shellcode injection using DInvoke from SharpSploit. DInvoke allows operators to use unmanaged code while avoiding suspicious imports or API hooking.</td>
@ -1025,6 +1037,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/TsukiCTF/Lovely-Potato">TsukiCTF/Lovely-Potato</a></td>
        <td>Automating juicy potato local privilege escalation exploit for penetration testers.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/thehappydinoa/rootOS">thehappydinoa/rootOS</a></td>
+        <td>macOS Privilege Escalation Helper</td>
+    </tr>
 </table>

 ## Defense Evasion
@ -1117,6 +1133,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/boku7/injectAmsiBypass">boku7/injectAmsiBypass</a></td>
        <td>Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/boku7/injectEtwBypass?s=09">boku7/injectEtwBypass</a></td>
+        <td>CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/br-sn/CheekyBlinder">br-sn/CheekyBlinder</a></td>
        <td>Enumerating and removing kernel callbacks using signed vulnerable drivers</td>
@ -1178,6 +1198,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/DarthTon/Polychaos">DarthTon/Polychaos</a></td>
        <td>PE permutation library</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/dndx/phantun">dndx/phantun</a></td>
+        <td>Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/dsnezhkov/zombieant">dsnezhkov/zombieant</a></td>
        <td>Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.</td>
@ -1239,6 +1263,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/jfmaes/LazySign">jfmaes/LazySign</a></td>
        <td>Create fake certs for binaries using windows binaries and the power of bat files</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/jfmaes/sharpbysentinel">jfmaes/sharpbysentinel</a></td>
+        <td>Kill telemetry to sentinel</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/jfmaes/SharpNukeEventLog">jfmaes/SharpNukeEventLog</a></td>
        <td>nuke that event log using some epic dinvoke fu</td>
@ -1267,6 +1295,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/klezVirus/chameleon">klezVirus/chameleon</a></td>
        <td>Chameleon is yet another PowerShell obfuscation tool designed to bypass AMSI and commercial antivirus solutions.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/klezVirus/inceptor">klezVirus/inceptor</a></td>
+        <td>Template-Driven AV/EDR Evasion Framework</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/last-byte/unDefender">last-byte/unDefender</a></td>
        <td>Killing your preferred antimalware by abusing native symbolic links and NT paths.</td>
@ -1522,6 +1554,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/eladshamir/Internal-Monologue">eladshamir/Internal-Monologue</a></td>
        <td>Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/EspressoCake/PPLDump_BOF">EspressoCake/PPLDump_BOF</a></td>
+        <td>A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/fireeye/ADFSpoof">fireeye/ADFSpoof</a></td>
        <td>A python tool to forge AD FS security tokens.</td>
--- a/README.md
+++ b/README.md
@ -1197,6 +1197,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/3CORESec/Automata">3CORESec/Automata</a></td>
        <td>Automatic detection engineering technical state compliance</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/Accenture/docker-plaso">Accenture/docker-plaso</a></td>
+        <td>Docker container for plaso supertimlining tool</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/activecm/BeaKer">activecm/BeaKer</a></td>
        <td>Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana</td>
@ -1289,6 +1293,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/CrowdStrike/Forensics">CrowdStrike/Forensics</a></td>
        <td>Scripts and code referenced in CrowdStrike blog posts</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/CrowdStrike/SuperMem">CrowdStrike/SuperMem</a></td>
+        <td>A python script developed to process Windows memory images based on triage type.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/cryps1s/DARKSURGEON">cryps1s/DARKSURGEON</a></td>
        <td>DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.</td>
@ -1537,6 +1545,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://ossec.github.io/">OSSEC</a></td>
        <td>Open Source HIDS SECurity</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/ovotech/gitoops/">ovotech/gitoops</a></td>
+        <td>GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/philhagen/sof-elk">philhagen/sof-elk</a></td>
        <td>Configuration files for the SOF-ELK VM, used in SANS FOR572</td>
@ -3003,6 +3015,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/optiv/Microsoft365_devicePhish">optiv/Microsoft365_devicePhish</a></td>
        <td>A proof-of-concept script to conduct a phishing attack abusing Microsoft 365 OAuth Authorization Flow</td>
    </tr>
+    <tr>
+        <td><a href="https://wanetty.github.io/tools/pofish">PoFish</a></td>
+        <td>A new docker for phishing (PoFish)</td>
+    </tr>
    <tr>
        <td><a href="https://pretext-project.github.io/">Pretext Project</a></td>
        <td>Open-Source Collection of Social Engineering Pretexts</td>