Daniel Roberson

Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.

Cheat sheet and notes inspired by the book RTFM - Red Team Field Manual

Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.

Fake sshd that logs ip addresses, usernames, and passwords.

Simple ELF crypter. Uses RC4 encryption.

SSH proxy with HASSH firewalling capabilities

PoC LKM to force run cleanup_module() on other LKMs

ptrace injection

execute stuff in memory

no awareness, swift as gold

'anew'-like utility that adds new lines to a file and de-duplicates streams

Linux LKM that detects sys_call_table[] manipulation

Various fuzzers written in Python. Currently has a TCP server for fuzzing client software, and a CLI fuzzer to use against programs ran from the command line.

Compile .py files as ELF using Cython

LKM to detect + kill golang bins

various probabilistic data structures implemented in C

Phrack Crackme Challenges

misc yara rules

masscan without the m

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

DNS logging, detection, ...

Scaling Network Scanning

EVERY MAN HAS A PRICE

static linked bash, coreutils, and binutils for Linux/amd64

hassh-utils: Nmap NSE Script and Docker image for HASSH (https://github.com/salesforce/hassh)

Nmap - the Network Mapper. Github mirror of official SVN repository.

My dotfiles.

Sends spoofed syslog packets using scapy

Its like GORILLAS.BAS, just different. Creates a bunch of bogus files/directories to deceive web vulnerability scanners.

Utilize Pastebin's scraping API to find interesting pastes.