RogueAssemblyHunter – Rogue Assembly Hunter Is A Utility For Discovering ‘Interesting’ .NET CLR Modules In Running Processes

[*] Rogue Assembly Hunter is a utility for discovering ‘interesting’ .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and running .NET managed applications. Over the last several years, .NET has been adopted by Red Teams (andRead More

NimPackt-v1 – Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit

By Cas van Cooten (@chvancooten) With special thanks to Marcello Salvati (@byt3bl33der) and Fabian Mosch (@S3cur3Th1sSh1t) Description Update: NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because of this, I started on a full rewrite of NimPackt, dubbed ‘NimPackt-NG’ (currently still private). With this re-write, IRead More

LACheck – Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration

[*] Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query (if not ran on a domain-joined host) /domain – specify domain name (if not ran on a domain-joined host) /edr – check host for EDR (requires smb, rpc, or winrm) /logons – return logged on users on a host (requires smb,Read More

InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entry point of Main(string[] args) or Main(). This should allow you to run most releasedRead More

OverRide – Binary Exploitation And Reverse-Engineering (From Assembly Into C)

Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag – password for next level README.md – how to find password source.c – the reverse engineered binary dissasembly_notes.md – notes on asm See the subject for more details. For more gdb & exploitation fun checkRead More

PE-Packer – A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry. When running a packed PE file, the shell-entry willRead More

X