safebreach-labs Goto Github PK

aikido_wiper

altfs

The Alternative Fileless File System

bace

Mapping of Binaries that allows Arbitrary Code Execution

back2thefuture

Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in order to find the patterns.

backdoros

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

bitsinject

A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account

blog-snippets

Repository of Code Snippets from various SafeBreach Blog posts

cachetalk

Proof-of-concept program that is able to read and write arbitrary bits using HTTP server-side caching

cloudminer

Execute code using Azure Automation service without getting charged

cortexvortex

cowtools

Tools for analyzing Windows containers and break container's isolation

doubledrive

A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files

edraser

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.

hafl2

A kAFL based hypervisor fuzzer which fully supports nested VMs

hrs

magicdot

A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue

mkmalwarefrom

Proof-of-concept two-stage dropper generator that uses bits from external sources

moovit_api_scripts

pacdoor

Proof-of-concept JavaScript malware implemented as a Proxy Auto-Configuration (PAC) File

pinjectra

Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)

poolparty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

pwndsh

Post-exploitation framework (and an interactive shell) developed in Bash shell scripting

pyekaboo

Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable

rsfw

Request Smuggling Firewall

simplebitsserver

A simple python implementation of a BITS server.

sireprat

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

spacebin

Spacebin is a proof-of-concept malware that exfiltrates data (from No Direct Internet Access environments) via triggering AV on the endpoint and then communicating back from the AV's cloud component.

spooler

wd-pretender