Evasion kit for Cobalt Strike

Crystal Palace library for proxying Nt API calls via the Threadpool

SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.

Windows Session Hijacking via COM

Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).

Share threat intelligence and detect tools about APT "NightEgle" (APT-Q-95)

A method to execute syscalls while bypassing EDR's function hooking and call stack analysis.

Windows hypervisor for Intel x64: defensive host hypervisor for Windows designed to mitigate kernel-level attacks including BYOVD, compatible with VMware and Hyper-V.

OWASP Foundation web repository

Payloads for AI Red Teaming and beyond

Some notes and examples for cobalt strike's functionality

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.

Tutorial covering how to discover DLLs for Hijacking and how to create proxy DLLS using Microsoft Teams as an example

SharpUp is a C# port of various PowerUp functionality.

Execute unmanaged Windows executables in CobaltStrike Beacons

Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF

Section Mapping Process Injection (secinject): Cobalt Strike BOF

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)

Collection of Beacon Object Files

A BOF port of the research of @thefLinkk and @codewhitesec

Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

A fast TCP/UDP tunnel over HTTP

Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

The swiss army knife of LSASS dumping

CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking