Skip to content
View MaorSabag's full-sized avatar
185 followers · 13 following

Achievements

Achievement: Starstruckx2Achievement: QuickdrawAchievement: Pull Shark

Achievements

Achievement: Starstruckx2Achievement: QuickdrawAchievement: Pull Shark

Block or report MaorSabag

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
MaorSabag/README.md 
    __ __ ____  ___    __ _______ _   __
   / //_// __ \/   |  / //_/__  // | / /
  / ,<  / /_/ / /| | / ,<   /_ </  |/ / 
 / /| |/ _, _/ ___ |/ /| |___/ / /|  /  
/_/ |_/_/ |_/_/  |_/_/ |_/____/_/ |_/

Maor Sabag - Red Team Operator & Malware Developer

Blog   LinkedIn

streak

Red Team Operator focused on Windows internals, evasion research, and offensive tool development. Building C2 implants, EDR bypasses, and lateral movement tools.

C C++ Go Python x86 ASM


Defense Evasion

C2 & Implant Development

  • Adaptix-StealthPalace - Crystal Palace RDLL for Adaptix C2 - Ekko sleep mask, PICO IAT hooks, per-section permission restore
  • adaptix-telegram-bot - Telegram interface for Adaptix C2 teamserver management

Red Team Tooling

Latest post: Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace - Crystal Palace RDLL with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration for Adaptix C2.

Popular repositories Loading

  1. TrueSightKiller TrueSightKiller Public

    AV/EDR killer leveraging vulnerable kernel drivers

    C++ 482 73

  2. Adaptix-StealthPalace Adaptix-StealthPalace Public

    Forked from h41th/Simple-Crystal-Palace-RDLL-template-for-Adaptix

    Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration

    C++ 131 13

  3. impacket-jump impacket-jump Public

    Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service loaders, set descriptions, and run them on demand.

    Python 123 13

  4. SideLoadingDLL SideLoadingDLL Public

    DLL sideloading techniques for stealthy payload execution on Windows

    C 92 22

  5. Paruns-Fart Paruns-Fart Public

    NTDLL unhooking via Parun's Fart technique to bypass EDR userland hooks

    C++ 75 9

  6. interactive-execute-shellcode interactive-execute-shellcode Public

    Remote process shellcode injection with interactive output via named pipes

    C++ 47 9