Search Results for "c"

It uses a range of methods to evade EDR and AV while allowing the operator to continue using tooling and tradecraft they are familiar with. Its powered by Python 3.8 and C, and uses Donut for payload generation. By using Donut along with the process injection capabilities of SHAD0W, it provides the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully inside the memory. Dynamically resolved syscalls are heavily used to avoid userland API hooking, anti-DLL injection to make it harder for EDR to load code into the beacons, and official Microsoft mitigation methods to protect spawn processes. ...

A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing passwords. Will attempt to calculate each word's probability by checking hashes in memory, and regex searches. 2.0 introduces a clean port that aims to increase the speed of execution and portability