Krueger : Exploiting Windows Defender To Neutralize EDR Systems
Krueger is a proof-of-concept (PoC) .NET post-exploitation tool designed to disable Endpoint Detection and Response (EDR) agents during lateral movement in a network. Developed by security researcher Logan Goins, Krueger leverages Windows Defender Application Control (WDAC), a Microsoft security feature intended to restrict which executable code is allowed to run on Windows devices. However, Krueger weaponizes this feature to...
Tokio : Unleashing Asynchronous Power In Rust For Network Applications
Tokio is a high-performance asynchronous runtime for the Rust programming language. It provides the essential building blocks for creating reliable, scalable, and efficient asynchronous applications. Because it builds on Rust's ownership model and type system, Tokio's task and I/O abstractions are checked for thread safety at compile time, which rules out whole classes of concurrency bugs and makes it a preferred choice for network programming and other I/O-bound tasks. Core Features Multithreaded Task Scheduler: Tokio uses a work-stealing...
AntiCrack DotNet : Advanced Protection For .NET Assemblies
AntiCrack DotNet is a .NET project designed to safeguard software by implementing anti-debugging, anti-virtualization, anti-injection, and anti-hooking techniques. These methods aim to detect and hinder debugging, reverse engineering, and unauthorized code modification. Below is an overview of its key functionalities: Key Features Hooks Prevention: Protects .NET function pointers against runtime memory modification. Detects unauthorized attempts to...
StoneKeeper C2 : A Research-Oriented Command-And-Control Framework For EDR Evasion
StoneKeeper C2 is an experimental command-and-control (C2) framework built for research into modern Windows malware tradecraft and Endpoint Detection and Response (EDR) evasion techniques. It serves as a learning tool for security professionals and researchers interested in how malware and C2 frameworks are developed. Key Features And Functions EDR Evasion Techniques: StoneKeeper C2 incorporates techniques intended to bypass EDR solutions....
Biome : The Ultimate Toolchain For Web Development
Biome is a toolchain designed to simplify and enhance web development by combining formatting and linting into a single package. Written in Rust, Biome is exceptionally fast and efficient, making it a preferred choice for developers aiming to maintain high-quality codebases. Key Features Formatter: Biome serves as a robust formatter for JavaScript, TypeScript, JSX, JSON, CSS, and GraphQL....
The Silk Wasm : Revolutionizing HTML Smuggling Through WebAssembly
The Silk Wasm is a tool designed to obfuscate HTML smuggling techniques using WebAssembly (Wasm). HTML smuggling embeds an encoded payload inside an HTML page and has the browser reassemble and save it client-side, so network-based security controls inspecting the transfer see only HTML and script rather than the final file. By moving the decoding logic into Wasm, Silk Wasm makes these payloads harder to detect and analyze. Functionality Of Silk Wasm Silk Wasm allows users...
TokenSmith : A Versatile Tool For Entra ID Token Management
TokenSmith is a tool designed to generate Entra ID access and refresh tokens for offensive engagements such as adversary simulations and penetration tests, as well as for administrative tasks. Built with operational security (OpSec) in mind, TokenSmith is compatible with popular Azure offensive tools and provides flexibility for various use cases. Key Features Token Generation: TokenSmith simplifies the process of obtaining Entra...
Sunder : A Windows Rootkit Exploiting Vulnerable Drivers For Kernel-Level Attacks
Sunder is a Windows rootkit inspired by the Lazarus Group's FudModule rootkit. It exploits a vulnerability in a legitimately signed kernel driver to gain unauthorized access to kernel memory and system resources, and serves as a framework for post-exploitation activity, using the Bring Your Own Vulnerable Driver (BYOVD) technique to bypass security mechanisms and manipulate kernel memory. Sunder utilizes Dell's vulnerable dbutil_2_3.sys driver, which is...
AgentTesla : The Mechanics And Menace Of A Persistent Cyber Threat
AgentTesla is a persistent malware family that has been a significant cybersecurity threat since its emergence in 2014. It is a Remote Access Trojan (RAT) and information stealer written for the .NET Framework, designed to exfiltrate sensitive data from infected systems. Its widespread use is attributed to its availability as Malware-as-a-Service (MaaS), which makes it accessible to cybercriminals worldwide. Functions...
Silent Execution Of cmd.exe With Redirected STDERR And STDOUT
Executing commands silently through cmd.exe while redirecting both standard output (STDOUT) and standard error (STDERR) is a common technique in both legitimate administrative tasks and malicious activity. Redirection keeps the command's output and error messages away from the user, either discarding them or capturing them to a file for further processing, so the invocation leaves little visible trace unless process-creation telemetry records the full command line. Key Techniques Silent Execution with /Q and /C: The /Q...
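As an added example (not code from the article above), the detection side of this technique: a small Python triage routine that scans process-creation records for cmd.exe launched with /Q (command echo off) and /C (run one command, then exit) and with STDOUT or STDERR redirected. The event field names (ParentImage, Image, CommandLine) are assumed to follow Sysmon Event ID 1, the sample records are constructed for this example, and the list of suspicious parent processes and the alert threshold are illustrative assumptions a team would tune to its own environment.

```python
"""Added example: flag 'silent' cmd.exe launches (/Q echo off, /C run-and-exit,
STDOUT/STDERR redirected) in process-creation telemetry.

Event shape loosely follows Sysmon Event ID 1 (assumption); the records below
are constructed for this example, not captured from a real host.
"""
import re
from dataclasses import dataclass, field

# Constructed sample events (assumed Sysmon-style field names).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /Q /C "whoami /all > C:\Users\Public\o.txt 2>&1"'},
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /q /c net user > nul 2> nul"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe"},                       # interactive shell, benign
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c ipconfig /all > C:\ProgramData\diag\net.log"},
]

# Parents from which a silent cmd.exe is rarely legitimate (assumed list).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

# cmd.exe switches are single letters after '/'; /C (or /K) introduces the
# command body, so only the text up to that switch is scanned for switches.
BODY_SWITCH_RE = re.compile(r'(?i)(?<!\S)/([ck])(?=\s|"|$)')
SWITCH_RE = re.compile(r'(?i)(?<!\S)/([a-z])(?=\s|"|$)')
# '>' or '>>', optionally prefixed by the stream number, then its target.
# Limitation: the operator must be preceded by whitespace ("whoami>x" is missed).
REDIRECT_RE = re.compile(r"(?<!\S)([12]?>>?)\s*(&[12]|\S+)")


def cmd_switches(cmdline: str) -> set[str]:
    """Lower-case cmd.exe switches that precede the command body, e.g. {'q', 'c'}."""
    m = BODY_SWITCH_RE.search(cmdline)
    head = cmdline if m is None else cmdline[: m.end()]
    return {s.lower() for s in SWITCH_RE.findall(head)}


def redirections(cmdline: str) -> dict[str, str]:
    """Map redirected streams ('1' = STDOUT, '2' = STDERR) to their targets."""
    out = {}
    for op, target in REDIRECT_RE.findall(cmdline):
        stream = "2" if op.startswith("2") else "1"
        out[stream] = target.strip('"').lower()
    return out


@dataclass
class Finding:
    command_line: str
    reasons: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def assess(event: dict) -> Finding:
    """Score one process-creation event; each matched indicator adds a reason."""
    cmd = event["CommandLine"]
    f = Finding(cmd)
    switches = cmd_switches(cmd)
    redir = redirections(cmd)
    if "c" in switches:
        f.reasons.append("/C: run a single command and exit")
    if "q" in switches:
        f.reasons.append("/Q: command echo turned off")
    if "1" in redir:
        f.reasons.append(f"STDOUT redirected to {redir['1']}")
    if "2" in redir:
        f.reasons.append(f"STDERR redirected to {redir['2']}")
    if "nul" in redir.values():
        f.reasons.append("output discarded to NUL")
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    if parent in SUSPICIOUS_PARENTS:
        f.reasons.append(f"spawned by {parent}")
    return f


def triage(events: list[dict], threshold: int = 4) -> list[Finding]:
    """Return findings whose indicator count meets the (assumed) threshold."""
    return [f for f in map(assess, events) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f.score, f.command_line, "|", "; ".join(f.reasons))
```

With the constructed records, the Word- and wscript-spawned launches trip the threshold while the interactive shell and the services.exe-driven diagnostic do not; the redirection of STDERR to `&1` or to `nul` is what separates "capture or discard everything" from an ordinary `/c` invocation, so a rule that only keys on `/Q /C` would miss the second half of the technique.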