Skip to content
View med0x2e's full-sized avatar

Block or report med0x2e

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Popular repositories Loading

  1. SigFlip SigFlip Public

    SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

    C# 1.1k 190

  2. GadgetToJScript GadgetToJScript Public

    A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.

    C# 880 160

  3. ExecuteAssembly ExecuteAssembly Public

    Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avo…

    C++ 545 108

  4. NTLMRelay2Self NTLMRelay2Self Public

    An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).

    C 394 44

  5. NoAmci NoAmci Public

    Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().

    C# 213 48

  6. vba2clr vba2clr Public

    Running .NET from VBA

    VBA 140 20