Merge branch 'master' of github.com:pe3zx/my-infosec-awesome

pe3zx 2021-10-01 10:11:13 +07:00
commit cadff36928
2 changed files with 12 additions and 1 deletions


@ -1331,10 +1331,18 @@ Some tools can be categorized in more than one category. But because the current
<td><a href="https://github.com/med0x2e/SigFlip">med0x2e/SigFlip</a></td> <td><a href="https://github.com/med0x2e/SigFlip">med0x2e/SigFlip</a></td>
<td>SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.</td> <td>SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.</td>
</tr> </tr>
<tr>
<td><a href="https://github.com/mgeeky/ShellcodeFluctuation">mgeeky/ShellcodeFluctuation</a></td>
<td>An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/mgeeky/Stracciatella">mgeeky/Stracciatella</a></td> <td><a href="https://github.com/mgeeky/Stracciatella">mgeeky/Stracciatella</a></td>
<td>OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup</td> <td>OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup</td>
</tr> </tr>
<tr>
<td><a href="https://github.com/mgeeky/ThreadStackSpoofer">mgeeky/ThreadStackSpoofer</a></td>
<td>Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/MinervaLabsResearch/CoffeeShot">MinervaLabsResearch/CoffeeShot</a></td> <td><a href="https://github.com/MinervaLabsResearch/CoffeeShot">MinervaLabsResearch/CoffeeShot</a></td>
<td>CoffeeShot: Avoid Detection with Memory Injection</td> <td>CoffeeShot: Avoid Detection with Memory Injection</td>
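Review bot: The added mgeeky/ShellcodeFluctuation description carries a bare `&` in "RW & RX"; inside HTML table markup it should be written as `&amp;` so the file stays valid for strict parsers. The two new rows also disagree on the trailing full stop (the ThreadStackSpoofer description ends with one, the ShellcodeFluctuation description does not), so pick whichever form the neighbouring rows use.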
@ -1419,7 +1427,6 @@ Some tools can be categorized in more than one category. But because the current
<td><a href="https://github.com/secretsquirrel/SigThief">secretsquirrel/SigThief</a></td> <td><a href="https://github.com/secretsquirrel/SigThief">secretsquirrel/SigThief</a></td>
<td>Stealing Signatures and Making One Invalid Signature at a Time</td> <td>Stealing Signatures and Making One Invalid Signature at a Time</td>
</tr> </tr>
<tr>
<td><a href="https://github.com/sinfulz/JustEvadeBro">sinfulz/JustEvadeBro</a></td> <td><a href="https://github.com/sinfulz/JustEvadeBro">sinfulz/JustEvadeBro</a></td>
<td>JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.</td> <td>JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.</td>
</tr> </tr>
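Review bot: Removing the `<tr>` ahead of the sinfulz/JustEvadeBro cells leaves that row with two `<td>` elements and a closing `</tr>` but no opening tag, directly after the `</tr>` that closes the secretsquirrel/SigThief row. HTML parsers will usually imply the missing row start, but the table markup is no longer well-formed. Restore the `<tr>` unless the line removed was a duplicate, which the visible context does not show.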


@ -1965,6 +1965,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/DoctorWebLtd/malware-iocs">DoctorWebLtd/malware-iocs</a></td> <td><a href="https://github.com/DoctorWebLtd/malware-iocs">DoctorWebLtd/malware-iocs</a></td>
<td>This repository contains Indicators of Compromise (IOCs) related to our investigations.</td> <td>This repository contains Indicators of Compromise (IOCs) related to our investigations.</td>
</tr> </tr>
<tr>
<td><a href="https://dragonfly.certego.net/">Dragonfly</a></td>
<td>An automated sandbox to emulate and analyze malware</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/droidefense/engine">droidefense/engine</td> <td><a href="https://github.com/droidefense/engine">droidefense/engine</td>
<td>Droidefense: Advance Android Malware Analysis Framework</td> <td>Droidefense: Advance Android Malware Analysis Framework</td>
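Review bot: The droidefense/engine row directly below the new Dragonfly entry opens an `<a>` that is never closed (`droidefense/engine</td>` with no `</a>` before it), so the anchor is left dangling at the end of the cell. This is unchanged context rather than part of the addition, but since the change touches the adjacent row, add the missing `</a>` in the same commit.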