Ethical hacker | OSCE3 OSCP CRTM CRTL GX-PT
Use only NTAPI functions to stealthily remap ntdll.dll from a clean .text section of a suspended process. This technique bypasses user-mode API monitoring and enhances evasion against security solutions.
This is a malicious plugin for EMQX Dashboard which allows to execute commands remotely in versions below 5.8.6. Written in Erlang, it is based on one of the latest releases of the EMQX plugin template repository.
These days I decided to explore the Crystal programming language, a high-performance, statically-typed programming language with Ruby-inspired syntax. To do so, I decided to port NativeDump and TrickDump to it.
NativeBypassCredGuard is a tool designed to bypass Credential Guard by patching WDigest.dll using only NTAPI functions (functions exported by ntdll.dll). It is available in two flavours: C# and C++.
Windows Forms App designed to display a popup asking users to reboot their machine. It can be useful in scenarios where a system restart is necessary for changes to take effect, such as when modifications have been made to registry keys (e.g., Protected Process Light (PPL) settings).
Updating TrickDump and creating a BOF File.
Updating NativeDump and creating a BOF File.
TrickDump allows to dump the lsass process without generating a Minidump file, generating instead three JSON files and one zip file with memory regions’ dumps.