5 repositories
Security tools that operate exclusively in volatile memory to minimize forensic footprints.
Distinct from Volatile Memory Processing: focuses on the execution model of the tool itself rather than general data handling practices.
PEASS-ng is an automated penetration testing framework designed to identify privilege escalation vectors on local systems. It functions as a security assessment utility that scans environments for misconfigurations, sensitive files, and insecure permissions to uncover paths for unauthorized privilege elevation. The project distinguishes itself through a modular script-based enumeration engine that adapts to the target environment. It utilizes environment-aware capability detection and cross-platform shell abstraction to normalize data collection across diverse operating systems, while operati
Operates primarily within volatile memory to avoid leaving permanent traces on the target system.
PowerSploit is a collection of PowerShell modules designed for security assessment, penetration testing, and red team operations. It provides a framework for auditing Windows system configurations and evaluating the effectiveness of security defenses within an enterprise environment. The framework focuses on techniques that leverage native system administration tools and scripting environments to perform operations. It includes capabilities for executing arbitrary commands, escalating user privileges, and maintaining system persistence through event subscriptions. By utilizing in-memory execu
Executes malicious payloads entirely within volatile memory to minimize forensic footprints on storage.
Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutu
Supports in-memory execution of payloads to minimize disk artifacts and evade forensic detection.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Executes scripts or shellcode exclusively in volatile memory to minimize the forensic footprint on disk.
Phantom-Evasion is a security research framework designed to generate obfuscated payloads and automate post-exploitation tasks during authorized security assessments. It provides a suite of utilities for creating custom executables and libraries intended to test the effectiveness of antivirus and endpoint security detection systems. The framework distinguishes itself through a focus on memory-resident operations, enabling the execution of encrypted binaries and shellcode directly in system memory. By using techniques such as junk code injection, payload encryption and remote resource retrieval, it minimizes the forensic footprint on a target machine and avoids dependence on disk storage. Beyond payload generation, the tool includes capabilities for maintaining long-term system access through the configuration of registry keys, scheduled tasks and background services. It also supports stealthy operations by injecting shellcode into legitimate system processes and automating administrative tasks, such as managing security logging drivers and process memory, to facilitate controlled penetration testing scenarios.
Provides a framework for fetching and loading encrypted binaries directly into system memory to avoid writing files to the local disk.