Titan – VMProtect Devirtualizer
I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was rewritten at least 4 times. During my research, I've met with awesome people, made friends, and learned a lot. The tool is for educational purposes only; it works for VMProtect < 3.8 but produces less than...
NoVmp – Unlocking VMProtect x64 With VTIL-Powered Devirtualization
Welcome to the world of NoVmp, a groundbreaking project that aims to unravel the complexities of VMProtect x64 3.0 - 3.5. In this article, we'll dive into the intriguing realm of devirtualization, exploring how NoVmp utilizes VTIL (Virtual-machine Translation Intermediate Language) to breathe new life into protected binaries. Get ready to unlock the secrets of VMProtect and discover the...
No-Consolation – Executing Unmanaged PEs Inline And Without Console Allocation
This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e. spawning conhost.exe).
Features: supports 64 and 32 bits; supports EXEs and DLLs; does not create new processes.
Usage summary: run an unmanaged EXE/DLL inside Beacon's memory.
Usage: noconsolation [--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] /path/to/binary.exe arg1 arg2 --local,...
InvisibilityCloak – A Game-Changer In C# Post-Exploitation Tools
Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# Visual Studio project: change the tool name; change the project GUID; obfuscate compatible strings in source code files based on the obfuscation method entered by the user; remove one-line comments (e.g. // this is a comment); remove the PDB string option for the compiled release .NET assembly. Blog Post. String Candidates Not Obfuscated: the below...
Awesome-BEC – Unveiling A Comprehensive Resource For Business Email Compromise Investigations
A comprehensive resource for Business Email Compromise investigations. In the ever-evolving landscape of cyber threats, business email compromise (BEC) remains a persistent and costly threat. This article explores Awesome-BEC, a curated repository of invaluable attack and defensive information, tools, and research dedicated to combating BEC attacks. Discover the wealth of knowledge and resources it offers for safeguarding your organization...
SharpVeeamDecryptor – Unlocking The Secrets Of Veeam
Decrypt Veeam database passwords. Needs to be run from an elevated context on the Veeam Backup/Database Server. I did not want to use SharpDPAPI or Mimikatz for a lot of stored passwords - so one tool to do everything was the way to go. :-) In the realm of cybersecurity and data protection, Veeam is a trusted name for safeguarding critical...
Honeypots Detection – Using Nuclei Templates For Effective Detection
Nuclei templates for honeypot detection. This repository contains Nuclei templates to detect several well-known open-source honeypots, such as ADBHoney, Conpot, Cowrie, Dionaea (multiple services), ElasticPot, Mailoney, Redis Honeypot, Snare, among others.
Usage: install Nuclei. Clone this repository: git clone https://github.com/UnaPibaGeek/honeypots-detection.git. Move into the templates folder: cd honeypots-detection/templates. Run the desired template as follows: sudo nuclei -u {target_IP} -t ./{template_name}.yaml
Example: for a more detailed output it is possible to use...
Callstack Spoofing + Indirect Syscalls POC – Unmasking Evasion Techniques In A Proof Of Concept (POC) Scenario
This project consists of a simple C++ self-injecting dropper focused on an EDR evasion POC. To implement it, I have combined the use of Windows thread pooling to hide the call stack and the use of indirect syscalls to avoid hooking in NTDLL. As can be seen in the images, from the Cordyceps code, it performs a jump to ntdll to utilize one of...
Install And Secure – A Guide To Using ‘ldeep’ With Kerberos For Advanced Active Directory Analysis
In the realm of network security and Active Directory assessment, efficient reconnaissance is paramount. This article explores the installation and utilization of 'ldeep,' a powerful tool equipped with Kerberos authentication for advanced Active Directory analysis. Learn how to enhance your network security and streamline your reconnaissance efforts using this comprehensive guide. If you want to use Kerberos authentication you will...
LdrLibraryEx – A Lightweight x64 Library For Loading DLLs Into Memory
A small x64 library to load DLLs into memory. In the world of software development, efficient DLL loading is a crucial aspect of optimizing performance and functionality. Enter "LdrLibraryEx," a powerful x64 library designed to streamline the process of loading DLLs into memory. This lightweight and versatile tool offers developers a range of features, from low dependencies and memory-based...