Usman Sikander
Offensive-Panda
An infosec guy who is constantly seeking knowledge.
Repositories
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of the process injection techniques and methods used by adversaries.
A combination of multiple evasion techniques used to evade defenses (Dirty Vanity).
Shadow Dumper is a tool for dumping LSASS memory, which is often needed in penetration testing and red teaming. It uses multiple techniques to dump the process memory, giving access to the sensitive data (credential material) held in LSASS.
This exploit uses the PEB-walk technique to resolve API addresses dynamically, obfuscating all of the API calls used to perform process injection so that they never appear in the import table.
This tool uses the process forking technique, via the RtlCreateProcessReflection API, to clone the lsass.exe process. Once the clone exists, it uses MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process rather than of lsass.exe itself.
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It is a resource for those improving their skills in malware development, malware research, offensive security, and defensive measures.
This code runs as a service that continuously monitors Sysmon event logs and takes action on events generated by attacker activity. Filtered, contextual details are sent to administrators through a Telegram bot, and any malware dropped by attackers is captured and uploaded.
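The filtering step of such a service, as an added example that is not the project's own code: it parses Sysmon events, applies three detection rules (a non-allowlisted process opening lsass.exe with PROCESS_VM_READ, an Office application spawning a shell, and a .dmp file being written) and formats the hits as short bot messages. The sample events are constructed for illustration, the allowlist is an assumption to tune per environment, and the actual Telegram send and Windows event subscription are left out so the block runs offline.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROCESS_VM_READ = 0x0010  # access right any LSASS memory dumper must obtain

# Assumption: processes that legitimately open lsass.exe; tune per environment.
LSASS_ALLOWLIST = {"svchost.exe", "csrss.exe", "wininit.exe", "msmpeng.exe"}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed Sysmon events (shape follows the Sysmon XML schema; not real telemetry).
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>10</EventID></System>
      <EventData>
        <Data Name="SourceImage">C:\Users\bob\dumper.exe</Data>
        <Data Name="TargetImage">C:\Windows\system32\lsass.exe</Data>
        <Data Name="GrantedAccess">0x1010</Data>
      </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>10</EventID></System>
      <EventData>
        <Data Name="SourceImage">C:\Windows\system32\svchost.exe</Data>
        <Data Name="TargetImage">C:\Windows\system32\lsass.exe</Data>
        <Data Name="GrantedAccess">0x1010</Data>
      </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>1</EventID></System>
      <EventData>
        <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
        <Data Name="CommandLine">cmd.exe /c powershell -enc AAAA</Data>
        <Data Name="ParentImage">C:\Program Files\Microsoft Office\WINWORD.EXE</Data>
      </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>1</EventID></System>
      <EventData>
        <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
        <Data Name="CommandLine">notepad.exe</Data>
        <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
      </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>11</EventID></System>
      <EventData>
        <Data Name="Image">C:\Users\bob\dumper.exe</Data>
        <Data Name="TargetFilename">C:\Users\bob\AppData\Local\Temp\lsass.DMP</Data>
      </EventData></Event>""",
]


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(xml_text):
    """Return (event_id, {DataName: value}) for one Sysmon event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.find("e:EventData", NS)}
    return event_id, data


def evaluate(event_id, data):
    """Apply the detection rules; return an alert dict or None."""
    if event_id == 10:  # ProcessAccess
        source = basename(data.get("SourceImage", ""))
        access = int(data.get("GrantedAccess", "0x0"), 16)
        if (basename(data.get("TargetImage", "")) == "lsass.exe"
                and access & PROCESS_VM_READ and source not in LSASS_ALLOWLIST):
            return {"rule": "lsass_memory_read",
                    "source": data["SourceImage"], "access": hex(access)}
    elif event_id == 1:  # ProcessCreate
        if basename(data.get("ParentImage", "")) in OFFICE and \
                basename(data.get("Image", "")) in SHELLS:
            return {"rule": "office_spawned_shell", "parent": data["ParentImage"],
                    "child": data["Image"], "cmdline": data.get("CommandLine", "")}
    elif event_id == 11:  # FileCreate
        fname = data.get("TargetFilename", "")
        if fname.lower().endswith(".dmp"):
            return {"rule": "dump_file_written", "file": fname,
                    "by": data.get("Image", "")}
    return None


def triage(xml_events):
    """Run every event through the rules and collect the alerts in order."""
    alerts = []
    for xml_text in xml_events:
        alert = evaluate(*parse_event(xml_text))
        if alert:
            alerts.append(alert)
    return alerts


def format_alert(alert):
    """Compact single-line text suitable as the body of a bot message."""
    fields = ", ".join(f"{k}={v}" for k, v in alert.items() if k != "rule")
    return f"[{alert['rule']}] {fields}"


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(format_alert(a))
```

The GrantedAccess mask is compared bitwise rather than against a fixed list of values because a dumper can request any superset of PROCESS_VM_READ; the allowlist is what keeps the rule from firing on svchost.exe and the AV engine, which open lsass.exe with the same rights all day.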
Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.
DLL hijacking combined with the mock-directory technique (a trusted path with a trailing space) to bypass the Windows UAC security feature and obtain a high-integrity reverse shell. Security researchers identified this technique, which uses a simplified DLL hijack together with a mock folder to bypass UAC. I tested this on Windows 10 and 11 and bypassed the Windows 10 UAC security feature.
Ransomware written in C. This project is for educational purposes only. It encrypts the data in the current working directory.
Direct-syscall injection to bypass AV/EDR.
Simple batch scripts to obtain an NT AUTHORITY\SYSTEM shell.
This exploit rebuilds and exploits CVE-2019-16098 in the Micro-Star MSI Afterburner 4.6.2.15658 driver (RTCore64.sys and RTCore32.sys), which allows any authenticated user to read and write arbitrary memory, I/O ports, and MSRs. Instead of a hardcoded base address for ntoskrnl.exe, the base is calculated dynamically and the field offsets are recalculated.
This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their skills. It offers resources for those focused on analyzing and understanding different types of malware.
.NET profiler DLL loading can be abused to make a legitimate .NET application load a malicious DLL via environment variables. This exploit loads a malicious DLL through Task Scheduler (MMC) to bypass UAC and obtain admin privileges.
"D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using several techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both the static and dynamic analysis commonly employed by security products.
Welcome to my professional portfolio, a centralized hub where you can access a comprehensive collection of my cybersecurity series, blogs and projects, organized for your exploration.
This exploit targets the process's AddressOfEntryPoint, which is mapped RX, and relies on WriteProcessMemory internally changing the page protection so that the shellcode can be written there without an explicit VirtualProtectEx call.
Compiled tools for internal assessments
I have created a Python-based exploit that extracts usernames, passwords and URLs from Google Chrome.
This repository contains C# code that uses a recent persistence technique together with multiple anti-VM and anti-sandbox techniques. Persistence is created via the WindowsApps folder, schtasks, and the PowerShell Get-Variable cmdlet.
Sends victim information via a Telegram bot: a simple PHP script that connects to the bot and sends the visitor's user-agent information to Telegram.
I have created a reverse-connection client from scratch in C# that executes arbitrary commands to perform C&C on the target system. To connect to the host, pass the IP address as the first parameter and the integer port number as the second argument.
Powerful scripts to bypass Windows Defender.
Modify VirtualBox system information.
DLLirant is a tool to automate DLL hijacking research on a specified binary.
Advanced phishing tool (OTP phishing).
Miscellaneous exploit code