Zircolite – A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for linux or JSONL/NDJSON Logs Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX (EVTX and JSONL format), Auditd logs and Sysmon for Linux logs Zircolite can be used directly on the investigated endpoint (use releases) orRead More

RottenPotatoNG – A C++ DLL And Standalone C++ Binary – No Need For Meterpreter Or Other Tools

New version of RottenPotato as a C++ DLL and standalone C++ binary – no need for meterpreter or other tools. RottenPotatoDLL This project generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSFRottenPotatoTestHarness project simply shows exampleRead More

Tor-Rootkit – A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor

A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get’s established over the tor network. Disclaimer Use for educational purposes only. How to use Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.gitcd ./tor-rootkit Build docker container: docker build -t listener . Run docker container: docker run -v $(pwd)/executables:/executables/ -it listener DeployRead More