https://github.com/forrest-orr/moneta

Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

artifact dump hollowing injection ioc malware memory moneta pe process reflective scanner shellcode usermode windows

Last synced: 13 Apr 2025

https://github.com/forrest-orr/phantom-dll-hollower-poc

Phantom DLL hollowing PoC

Last synced: 06 Apr 2025

https://github.com/forrest-orr/artifacts-kit

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

artifact dll forensics generator header hollowing kit malware mirroring moating pe phtnaom shellcode wiping

Last synced: 09 Apr 2025

https://github.com/forrest-orr/doublestar

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

alpc apt chain cve-2019-17026 cve-2020-0674 darkhotel double eop exploit firefox jit pac rpc shellcode star wpad

Last synced: 11 Jul 2025

https://github.com/forrest-orr/exploits

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

asm browser c cve cve-2019-17026 cve-2020-0674 exploit firefox ie ionmonkey js jscript ms12-037 ms13-008 ms14-051 poc shellcode uaf windows wpad

Last synced: 15 Apr 2025

https://github.com/forrest-orr/wizardopium

Google Chrome Use After Free

after apt browser chrome cve-2019-13720 exploit free google opium shellcode uaf use wasm wizard wizardopium

Last synced: 24 Apr 2025

https://github.com/forrest-orr/exploitdev

Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/

Last synced: 25 Jun 2025

https://github.com/forrest-orr/gallery

Last synced: 25 Jul 2025

https://github.com/forrest-orr/filehosttests

Last synced: 22 Feb 2025