Discover @med0x2e Open Source projects

Mohamed El Azaar (@med0x2e)

med0x2e

Stars
3,199
Global Rank 9,147 (Top 0.4 %)
Followers 536
Following 3
Registered almost 12 years ago
Most used languages

C#
40.0 %

Python
10.0 %

PowerShell
10.0 %

Go
10.0 %

C++
10.0 %

C
10.0 %

VBA 10.0 %
Location 🇦🇪 United Arab Emirates
Country Total Rank 18
Country Ranking

C#
1

VBA 1

C
2

C++
2

PowerShell
3

Go
19

Python
778

SigFlip

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

GadgetToJScript

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.

ExecuteAssembly

Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).

NTLMRelay2Self

An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).

NoAmci

Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().

vba2clr

Running .NET from VBA

NET-Assembly-Inject-Remote

.NET assembly local/remote loading/injection into memory.

genxlm

A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4Macro"

RT-EWS

A Powershell module including a couple of cmdlets for EWS Enum/Exploitation.

Scrncat

A script using OCR (pytesseract) and PIL to rename/order/group Screenshots into PR/RT phases based on which RT/PT stage executed commands correspond to & Redact passwords based on common password patterns (Regex) or a passwords/hashes list of choice.