Ethical hacker | OSCE(3) CRTM CRTL GXPN GRTP GCIH GCPN GWAPT
Using socat, tmux and Python threading, DoubleTeam launches a new tmux window for each incoming reverse shell. It supports simultaneous listening on many ports and automatically resumes listening on the port after spawning the tmux window.
Creating vulnerable (on purpose) programs to leak the NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT).
NimDump is a port of NativeDump written in Nim, designed to dump the LSASS process using only NTAPI functions.
NPPSpy and NPPSPy2 are great tools to retrieve user credentials. In this repository, I will add some extra functionality to them, such as encryption and different exfiltration techniques.
Tool to impersonate users by stealing their tokens using only NTAPI functions. It supports two types of impersonation, one similar to CreateProcessWithToken and the other to ImpersonateLoggedOnUser.
Use only NTAPI functions to stealthily remap ntdll.dll from a clean .text section of a suspended process. This technique bypasses user-mode API monitoring and enhances evasion against security solutions.
This is a malicious plugin for EMQX Dashboard which allows to execute commands remotely in versions below 5.8.6. Written in Erlang, it is based on one of the latest releases of the EMQX plugin template repository.
These days I decided to explore the Crystal programming language, a high-performance, statically-typed programming language with Ruby-inspired syntax. To do so, I decided to port NativeDump and TrickDump to it.