-
Pyramid Public
a tool to help operate in EDRs' blind spots
-
DojoLoader Public
Generic PE loader for fast prototyping evasion techniques
-
PythonMemoryModule Public
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
-
Packer_Development Public
Forked from rtecCyberSec/Packer_Development
Slides & Code snippets for a workshop held @ x33fcon 2024
-
Embedder Public
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
-
krbdump Public
Forked from realoriginal/krbdump
A way to extract tickets in case I need to purge and restore tickets on the fly.
C Updated Apr 23, 2024
-
krblist Public
Forked from realoriginal/krblist
Old post-ex for listing kerberos tickets. A terribly written clone of `klist`
-
grimreaper Public
Forked from realoriginal/grimreaper
An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls
C Updated Mar 20, 2024
-
ProcessStomping Public
A variation of ProcessOverwriting to execute shellcode on an executable's section
-
ModuleShifting Public
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
-
GregsBestFriend Public
Forked from WKL-Sec/GregsBestFriend
GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
-
DropSpawn_BOF Public
Forked from Octoberfest7/DropSpawn_BOF
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
-
BouncyGate Public
Forked from eversinc33/BouncyGate
HellsGate in Nim, but making sure that all syscalls go through NTDLL.DLL (as in RecycledGate).
-
UnhookingPatch Public
Forked from pdolinic/UnhookingPatch
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
-
GOAD Public
Forked from Orange-Cyberdefense/GOAD
game of active directory
PowerShell GNU General Public License v3.0 Updated Oct 7, 2022
-
Havoc Public
Forked from HavocFramework/Havoc
The Havoc Framework
Go GNU General Public License v3.0 Updated Oct 1, 2022
-
FilelessRemotePE Public
Forked from ASkyeye/FilelessRemotePE
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
C++ Updated Sep 29, 2022
-
DInjector Public
Forked from rvrsh3ll/DInjector
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
-
TitanLdr Public
Forked from moonlight-junky/TitanLdr
Public variation of Titan Loader
-
FOLIAGE Public
Forked from moonlight-junky/FOLIAGE
Public variation of FOLIAGE (original developer)
C Updated Jun 18, 2022
-
beacon Public
Forked from moonlight-junky/beacon
Former attempt at creating an independent Cobalt Strike Beacon
Python Updated Jun 18, 2022
-
RWX-Dlls-for-manual-mapping Public
Forked from UCFoxi/RWX-Dlls-for-manual-mapping
Here are a few rwx dlls you can use to manual map your cheat dll, they will prob get checked soon...
Updated May 8, 2022
-
OffensivePipeline Public
Forked from snovvcrash/OffensivePipeline
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
C# GNU General Public License v3.0 Updated Mar 2, 2022
-
python-bof-runner Public
Python inline shellcode injector that could be used to run BOFs by leveraging BOF2shellcode
-
DarkLoadLibrary Public
Forked from moloch--/DarkLoadLibrary
LoadLibrary for offensive operations
C Updated Dec 14, 2021
-