ScareCrow
Freeze
| | ScareCrow | Freeze |
|---|---|---|
| Mentions | 11 | 8 |
| Stars | 2,552 | 1,317 |
| Growth | - | - |
| Activity | 0.0 | 5.0 |
| Last commit | 9 months ago | 9 months ago |
| Language | Go | Go |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ScareCrow
- ScareCrow v5 - a rewrite of the framework with new features, IoCs removed & new evasion techniques added.
- Red team engagement help!
- ScareCrow – Payload creation framework designed around EDR bypass
- Some information and advice about DDoS, from someone who was there during #opPayback
- List of resources
- ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, utilizing a technique to flush an EDR’s hook out the system DLLs ru
ScareCrow - Payload Creation Framework Designed Around EDR Bypass
https://github.com/optiv/ScareCrow
- optiv/ScareCrow - Payload creation framework designed around EDR bypass
- GitHub - optiv/ScareCrow: ScareCrow - Payload creation framework designed around EDR bypass.
- ScareCrow - Payload creation framework designed around EDR bypass
Freeze
- Red team engagement help!
Bypassing Windows Defender 2023
At the moment I am trying to obfuscate a Cobalt Strike exe beacon. I tried with https://github.com/optiv/Freeze and with a custom shellcode loader (encrypted in AES) in C++, but I didn't get any luck.
- Freeze - a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
- Freeze - Payload Generation Toolkit for Bypassing EDR
- Freeze: Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods on Windows
What are some alternatives?
InlineWhispers - Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
SigThief - Stealing Signatures and Making One Invalid Signature at a Time
sliver - Adversary Emulation Framework
Limelighter - A tool for generating fake code signing certificates or signing real ones
maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
NSGenCS - Extendable payload obfuscation and delivery framework
CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
aes_dinvoke - a repository that contains the program.cs source file that has D/Invoke bare minimum implementation and AES encryption for shellcode execution
Mythic - A collaborative, multi-platform, red teaming framework
go - The Go programming language
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.