Processus
Processus
ETWMonitor
Windows notifier tool that detects RDP, SMB and RPC connections by monitoring ETW event logs
HEKATOMB
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backu...
vulnspy
VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows you to notify by email or by discord if a defined threshold is e...
UnhookingDLL
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
CobaltStrikeBypassDefender
A launcher to load a DLL with xored cobalt strike shellcode executed in memory through process hollowing technique
Venoma
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
SharpVenoma
CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution