-
IBM X-Force Red Adversary Simulation
- United States
- https://0xBoku.com
- @0xBoku
- in/bobby-cooke
-
StringReaper Public
Reaping treasures from strings in remote processes memory
-
patchwerk Public
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
-
DarkWidow Public
Forked from reveng007/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…
-
GraphRunner Public
Forked from dafthack/GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
-
ADOKit Public
Forked from xforcered/ADOKit
Azure DevOps Services Attack Toolkit
-
BokuLoader Public
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
-
DayBird Public
Forked from xforcered/DayBird
Extension functionality for the NightHawk operator client
-
LOLBAS Public
Forked from LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
XSLT, GNU General Public License v3.0, Updated Aug 5, 2023
-
LoudSunRun Public
Forked from susMdT/LoudSunRun
My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
-
azureOutlookC2 Public
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…
-
Apollo Public
Forked from MythicAgents/Apollo
A .NET Framework 4.0 Windows Agent
-
whereami Public
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLLs.
-
GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
-
gsCMS-CustomJS-Csrf2Xss2Rce Public
GetSimple CMS Custom JS Plugin Exploit RCE Chain
-
64bit Windows 10 shellcode dat pops dat calc - Dynamic & Null Free
-
AsmHalosGate Public
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
-
HellsGatePPID Public
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
-
halosgate-ps Public
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
-
injectAmsiBypass Public
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
-
64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
-
spawn Public
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…
-
Ninja_UUID_Runner Public
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
-
A recreation of the "Nobelium" malware based on Microsoft's Malware analysis - Part 1: PDF2Pwn
-
xPipe Public
Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
-
HOLLOW Public
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
-
Windows_LPE_AFD_CVE-2023-21768 Public
Forked from xforcered/Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768