Windows

Canadian Furious Beaver – A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

14 Nov 2021 By hackergadgets

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: the “Broker” combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable fromRead More

Ad-Honeypot-Autodeploy – Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

12 Nov 2021 By hackergadgets

Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirtwith QEMU/KVM (but it can be customized easily for cloud-based solutions). Used for painlessly set up a small Windows Domain from scratch automatically (without user interaction) for the purpose of RDP Honeypot testing. Features a Domain Controller,Read More

Tor-Rootkit – A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor

05 Nov 2021 By hackergadgets

A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get’s established over the tor network. Disclaimer Use for educational purposes only. How to use Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.gitcd ./tor-rootkit Build docker container: docker build -t listener . Run docker container: docker run -v $(pwd)/executables:/executables/ -it listener DeployRead More

SpoolSploit – A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation

07 Oct 2021 By

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full systemRead More

Speakeasy – Windows Kernel And User Mode Emulation

30 Aug 2021 By

Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Check out the overview in the first Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific components of Windows. Specifically, by emulating operating system APIs, objects, running processes/threads,Read More

LazySign – Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files

24 Aug 2021 By

Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,… This repo gives you the opportunity of fake signingRead More

Process-Dump – Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis

23 Aug 2021 By

Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject a clean version of the malware code inRead More

UnhookMe – An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

10 Aug 2021 By

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversaryRead More

Go-Shellcode – A Repository Of Windows Shellcode Runners And Supporting Utilities

07 Aug 2021 By

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. The available Shellcode runners include: CreateFiber CreateProcess CreateProcessWithPipe CreateRemoteThread CreateRemoteThreadNative CreateThread CreateThreadNative EarlyBird EtwpCreateEtwThread NtQueueApcThreadEx (local) RtlCreateUserThread Syscall Shellcode Utils UuidFromStringA CreateFiber This application leverages the Windows CreateFiber function from the Kernel32.dllRead More

X