
dsnezhkov / Zombieant

Licence: MIT
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Programming Languages

C: 50402 projects (#5 most used programming language)

Projects that are alternatives to or similar to Zombieant

Swap digger
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+109.47%)
Mutual labels: dfir, post-exploitation

Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+1211.83%)
Mutual labels: dfir

Lolbas
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+791.12%)
Mutual labels: dfir

Evilosx
An evil RAT (Remote Administration Tool) for macOS / OS X.
Stars: ✭ 1,826 (+980.47%)
Mutual labels: post-exploitation

Cacador
Indicator Extractor
Stars: ✭ 115 (-31.95%)
Mutual labels: dfir

Logontracer
Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914 (+1032.54%)
Mutual labels: dfir

Bella
Bella is a pure Python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻
Stars: ✭ 112 (-33.73%)
Mutual labels: post-exploitation

Shhmon
Neutering Sysmon via driver unload
Stars: ✭ 166 (-1.78%)
Mutual labels: evasion

Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-10.06%)
Mutual labels: dfir

Mthc
All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-20.71%)
Mutual labels: dfir

Evasor
A tool for blue and red teams, used in the post-exploitation phase, to bypass application control policies
Stars: ✭ 134 (-20.71%)
Mutual labels: post-exploitation

Cirtkit
Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (-30.77%)
Mutual labels: dfir

Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support everything from a default installation of Windows 2000 with no service packs through Windows 10.
Stars: ✭ 142 (-15.98%)
Mutual labels: post-exploitation

Invoke Liveresponse
Invoke-LiveResponse
Stars: ✭ 115 (-31.95%)
Mutual labels: dfir

Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+1260.95%)
Mutual labels: dfir

Green Hat Suite
Green-hat-suite is a tool to generate a meterpreter/shell payload that could evade antivirus.
Stars: ✭ 112 (-33.73%)
Mutual labels: evasion

Silenttrinity
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
Stars: ✭ 1,767 (+945.56%)
Mutual labels: post-exploitation

Herakeylogger
Chrome Keylogger Extension | Post Exploitation Tool
Stars: ✭ 138 (-18.34%)
Mutual labels: post-exploitation

Enumdb
Relational database brute force and post-exploitation tool for MySQL and MSSQL
Stars: ✭ 167 (-1.18%)
Mutual labels: post-exploitation

Oscp Pentest Methodologies
Assorted practical resources for OSCP exam preparation / penetration testing resources
Stars: ✭ 166 (-1.78%)
Mutual labels: post-exploitation

Zombie Ant Farm: A Kit For Playing Hide and Seek with Linux EDRs.

Version 0.5-alpha

Why?

Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun.

What?

  • Offensive preloading primitives and building blocks.
  • Distributed payload warehousing and delivery service.
  • In-memory payload delivery assistant.
  • ASLR weakening shims.
  • Reflectively evasive techniques.

Components

  • ZAF Preloaders
  • ZAF Evasion Primitives
  • ZAF Warehouse Service
  • In-memory execution and preload
  • ASLR Weakening Kits

Please see the Wiki for details.

License

Released under MIT license:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

IBM Corporation and the author are not responsible or liable for this code or its use cases.
