diff --git a/.gitmodules b/.gitmodules
index 02da23f..5e21451 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -49,3 +49,9 @@
 [submodule "red-teaming/ElusiveMice"]
  path = red-teaming/ElusiveMice
  url = https://github.com/mgeeky/ElusiveMice
+[submodule "windows/ThreadStackSpoofer"]
+ path = windows/ThreadStackSpoofer
+ url = https://github.com/mgeeky/ThreadStackSpoofer
+[submodule "windows/ShellcodeFluctuation"]
+ path = windows/ShellcodeFluctuation
+ url = https://github.com/mgeeky/ShellcodeFluctuation
diff --git a/README.md b/README.md
index b2a9e57..45b70e6 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,15 @@ The collection is divided further onto following sections:
 The base of these tools do not contain any customer/client related sensitive information as well as there are no engagement-specific tools developed as PoCs.
+---
+
+### ☕ Show Support ☕
+
+This and other projects are outcome of sleepless nights and **plenty of hard work**. If you like what I do and appreciate that I always give back to the community,
+[Consider buying me a coffee](https://github.com/sponsors/mgeeky) _(or better a beer)_ just to say thank you! 💪
+
+---
+
 ```
 Mariusz B. / mgeeky, (@mariuszbit)
diff --git a/windows/README.md b/windows/README.md
index 9f38b0b..d952c26 100644
--- a/windows/README.md
+++ b/windows/README.md
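Review bot: The two new `.gitmodules` entries carry no `branch` key and no comment stating that the submodules are meant to stay on the commits recorded in the gitlinks added by this same patch (21a7194… and 37490f5…), so a later `git submodule update --remote` would silently advance both to whatever the upstream default branch holds. Since these are externally hosted repositories, the pin is the only thing that makes the checked-in tool versions reproducible, and it deserves to be stated where the next maintainer will look. A one-line comment above each new entry would do, e.g. `# pinned via the gitlink commit; bump deliberately, not with --remote`. The same applies to both the ThreadStackSpoofer and ShellcodeFluctuation entries.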
@@ -100,8 +100,12 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
 - **`revshell.c`** - Utterly simple reverse-shell, ready to be compiled by `mingw-w64` on Kali. No security features attached, completely not OPSEC-safe.
+- [**`ShellcodeFluctuation`**](https://github.com/mgeeky/ShellcodeFluctuation) - An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents.
+
 - **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.
+- [**`ThreadStackSpoofer`**](https://github.com/mgeeky/ThreadStackSpoofer) - A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
+
 - **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts.
 ```
diff --git a/windows/ShellcodeFluctuation b/windows/ShellcodeFluctuation
new file mode 160000
index 0000000..21a7194
--- /dev/null
+++ b/windows/ShellcodeFluctuation
@@ -0,0 +1 @@
+Subproject commit 21a7194ca70b5a2133457047350595ee0856a284
diff --git a/windows/ThreadStackSpoofer b/windows/ThreadStackSpoofer
new file mode 160000
index 0000000..37490f5
--- /dev/null
+++ b/windows/ThreadStackSpoofer
@@ -0,0 +1 @@
+Subproject commit 37490f57f5c458c69aa2cf92dbb7b6f67141ae89