5 repositorios
Security tools that operate exclusively in volatile memory to minimize forensic footprints.
Distinct from Volatile Memory Processing: Distinct from Volatile Memory Processing: focuses on the execution model of the tool itself rather than general data handling practices.
Explore 5 awesome GitHub repositories matching security & cryptography · Memory-Only Execution. Refine with filters or upvote what's useful.
PEASS-ng is an automated penetration testing framework designed to identify privilege escalation vectors on local systems. It functions as a security assessment utility that scans environments for misconfigurations, sensitive files, and insecure permissions to uncover paths for unauthorized privilege elevation. The project distinguishes itself through a modular script-based enumeration engine that adapts to the target environment. It utilizes environment-aware capability detection and cross-platform shell abstraction to normalize data collection across diverse operating systems, while operati
Operates primarily within volatile memory to avoid leaving permanent traces on the target system.
PowerSploit is a collection of PowerShell modules designed for security assessment, penetration testing, and red team operations. It provides a framework for auditing Windows system configurations and evaluating the effectiveness of security defenses within an enterprise environment. The framework focuses on techniques that leverage native system administration tools and scripting environments to perform operations. It includes capabilities for executing arbitrary commands, escalating user privileges, and maintaining system persistence through event subscriptions. By utilizing in-memory execu
Executes malicious payloads entirely within volatile memory to minimize forensic footprints on storage.
Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutu
Supports in-memory execution of payloads to minimize disk artifacts and evade forensic detection.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Executes scripts or shellcode exclusively in volatile memory to minimize the forensic footprint on disk.
Phantom-Evasion es un framework de investigación de seguridad diseñado para generar payloads ofuscados y automatizar tareas de post-explotación durante evaluaciones de seguridad autorizadas. Proporciona un conjunto de utilidades para crear ejecutables y bibliotecas personalizados destinados a probar la eficacia de los sistemas de detección de antivirus y seguridad de endpoints. El framework destaca por su enfoque en operaciones residentes en memoria, permitiendo la ejecución de binarios cifrados y shellcode directamente dentro de la memoria del sistema. Al utilizar técnicas como la inyección de código basura, el cifrado de payloads y la obtención remota de recursos, minimiza la huella forense en una máquina objetivo y evita la dependencia del almacenamiento en disco. Más allá de la generación de payloads, la herramienta incluye capacidades para mantener el acceso al sistema a largo plazo mediante la configuración de claves de registro, tareas programadas y servicios en segundo plano. También admite operaciones sigilosas inyectando shellcode en procesos legítimos del sistema y automatizando tareas administrativas, como la gestión de controladores de registro de seguridad y la memoria de procesos, para facilitar escenarios de pruebas de penetración controladas.
Provides a framework for fetching and loading encrypted binaries directly into system memory to avoid writing files to the local disk.