Executables on Disk? Bleh 🤮

Related tags

Command-line exe_who
Overview

Executables on Disk? Preposterous!

Saving executables to disk is like telling EDRs that "Hey! Take a look at this thing I just fetched from the Internet!". No Red-Teamer wants that at the end of the day. That's why we are here to help!

Compile and Build!

Compiling is as easy as:

C:\Users\User\Codes\exe_who> cargo build --release

No PEs

Current Features

  • Patch ETW
  • Patch AMSI
  • Sandbox Detection
    • User Activity Detection
    • Check for Sandbox Drivers
    • Check for Sleep Patching
    • Check Filename Hash
  • Check for EDR drivers
  • Fetch PEs and DLLs and run them in-memory
You might also like...
Run VM disk images using Podman / Docker / Kubernetes.
Run VM disk images using Podman / Docker / Kubernetes.

The crun-vm OCI Runtime crun-vm is an OCI Runtime that enables Podman, Docker, and Kubernetes to run QEMU-compatible Virtual Machine (VM) images. This

Containers 156 Nov 21, 2024
dua (- Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory

dua (- Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory. It's parallel by default and will max

Sebastian Thiel 1.8k Jan 2, 2023
Easily embed and manage assets for your web application to build standalone-executables. Offers filename hashing, templating and more.

reinda: easily embed and manage assets This library helps you manage your assets (external files) and is mostly intended to be used in web application

Lukas Kalbertodt 23 Jul 15, 2022
Fuse filesystem that returns symlinks to executables based on the PATH of the requesting process.

Envfs Fuse filesystem that returns symlinks to executables based on the PATH of the requesting process. This is useful to execute shebangs on NixOS th

Jörg Thalheim 98 Jan 2, 2023
A small unix and windows lib to search for executables in PATH folders.

A small unix and windows lib to search for executables in path folders.

Robiot 2 Dec 25, 2021
A cargo subcommand for checking and applying updates to installed executables

cargo-update A cargo subcommand for checking and applying updates to installed executables Documentation Manpage Installation Firstly, ensure you have

наб 827 Jan 4, 2023
An extremely ridiculous weekend project that tries to do user-mode emulation of PowerPC executables for classic Mac OS

An extremely ridiculous weekend project that tries to do user-mode emulation of PowerPC executables for classic Mac OS, to run the CodeWarrior C++ compiler without faffing about with SheepShaver or QEMU.

Ash Wolf 34 Dec 6, 2022
Generate rust command line executables from gRPC protobuf services.

Rust template repository. An opinionated starting point for rust projects such as systemd services command line tools client programs server programs

Kris Nóva 8 Sep 18, 2022
📦 Distribute Roblox games as standalone executables -- No existing client necessary. 🚧
📦 Distribute Roblox games as standalone executables -- No existing client necessary. 🚧

📦 Packer Distribute Roblox games as standalone executables. 🚧 Packer is still being worked on. Among many other things, Windows is not currently sup

Brooke Rhodes 16 Dec 20, 2022
Operating system based off of blog_os, with the goal of running wasm modules as executables

yavkOS - A OS that attempts at running WASM modules as userspace programs Recommended Development Environment You need nix with the flakes, and nix-co

Yavor Kolev 12 Apr 1, 2023
Terminal disk space navigator 🔭
Terminal disk space navigator 🔭

diskonaut How does it work? Given a path on your hard-drive (which could also be the root path, eg. /). diskonaut scans it and indexes its metadata to

Aram Drevekenin 1.6k Dec 30, 2022
Save disk space by cleaning non-essential files from software projects.
Save disk space by cleaning non-essential files from software projects.

Kondo 🧹 Cleans unneeded directories and files from your system. It will identify the disk space savings you would get from deleting temporary/unneces

Trent 920 Dec 27, 2022
CoreOS Disk Image Rehydrator

In CoreOS we ship a lot of disk images, one for each platform. These are almost entirely the same thing, mostly just with an ignition.platform.id stamp in each disk image, wrapped in a hypervisor/platform specific container.

Colin Walters 6 Jan 19, 2022
Zenith - sort of like top or htop but with zoom-able charts, CPU, GPU, network, and disk usage
Zenith - sort of like top or htop but with zoom-able charts, CPU, GPU, network, and disk usage

Zenith - sort of like top or htop but with zoom-able charts, CPU, GPU, network, and disk usage

Benjamin Vaisvil 1.6k Jan 4, 2023
Terminal disk space navigator 🔭
Terminal disk space navigator 🔭

Given a path on your hard-drive (which could also be the root path, eg. /). diskonaut scans it and indexes its metadata to memory so that you could explore its contents (even while still scanning!).

Aram Drevekenin 1.6k Dec 30, 2022
osu-link is a program which links osu!stable beatmaps to osu!lazer's new store format, saving you disk space.

osu-link is a program which links osu!stable beatmaps to osu!lazer's new store format, saving you disk space.

LavaDesu 2 Nov 8, 2021
disk backed wal queue

Repository Template  Queue like disk backed WAL Pronouced Quál - from the german wordrd for agony - because it is. Operations The basic concept is si

The Tremor Project 8 Jun 4, 2022
A tool to subscribe to Twitch channels and store them efficiently on disk

twitch-messages A tool to subscribe to Twitch channels and store them efficiently on disk Build the Tools You can start by building the binaries that

Clément Renault 1 Oct 31, 2021
Count zeroes on a disk or a file

Count zeroes on a disk or a file

Cecile Tonglet 1 Dec 12, 2021
Owner
whokilleddb
The funny lines I call code.
whokilleddb
GitHub
A small unix and windows lib to search for executables in PATH folders.

A small unix and windows lib to search for executables in path folders.

Robiot 2 Dec 25, 2021
A cargo subcommand for checking and applying updates to installed executables

cargo-update A cargo subcommand for checking and applying updates to installed executables Documentation Manpage Installation Firstly, ensure you have

наб 827 Jan 4, 2023
📦 Distribute Roblox games as standalone executables -- No existing client necessary. 🚧

?? Packer Distribute Roblox games as standalone executables. ?? Packer is still being worked on. Among many other things, Windows is not currently sup

Brooke Rhodes 16 Dec 20, 2022
Zenith - sort of like top or htop but with zoom-able charts, CPU, GPU, network, and disk usage

Zenith - sort of like top or htop but with zoom-able charts, CPU, GPU, network, and disk usage

Benjamin Vaisvil 1.6k Jan 4, 2023
Terminal disk space navigator 🔭

Given a path on your hard-drive (which could also be the root path, eg. /). diskonaut scans it and indexes its metadata to memory so that you could explore its contents (even while still scanning!).

Aram Drevekenin 1.6k Dec 30, 2022
A library for loading and executing PE (Portable Executable) from memory without ever touching the disk

memexec A library for loading and executing PE (Portable Executable) from memory without ever touching the disk This is my own version for specific pr

FssAy 5 Aug 27, 2022
garbage-collecting on-disk object store, supporting higher level KV stores and databases.

marble Garbage-collecting disk-based object-store. See examples/kv.rs for a minimal key-value store built on top of this. Supports 4 methods: read: de

Komora 215 Dec 30, 2022
A user-friendly, lightweight TUI for disk imaging

Caligula Burning Tool Caligula is a user-friendly, lightweight TUI for imaging disks. $ caligula burn -h Burn an image to a disk Usage: caligula burn

Astrid Yu 25 Mar 26, 2023
💾Saving Your Hard Disk, One Project at a Time

nodemore ?? Nodemore Recursively Searches Directories for Unused Projects Contents Why? Installation Usage Configuration Why? NodeJS has a horrible wa

Will 13 Apr 16, 2023
A simple disk benchmark tool.

simple-disk-benchmark A simple disk benchmark tool. Operating Systems Currently, macOS and Linux are tested. Windows may work but is not tested. Devel

Jonathan Wight 7 Jul 31, 2023