Stars
[ BOF-LAUNCHER ] -> an API for loading, executing and in-memory masking BOFs on Windows and Linux for use in C/Zig/Go/Rust agents/implants. [ Z-BEAC0N ] -> a custom-written stage-1 (pre-C2) solutio…
Tips on how to write exploit scripts (faster!)
Materials for the workshop "Red Team Ops: Havoc 101"
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Situational Awareness commands implemented using Beacon Object Files
ChatGPT for Mac, living in your menubar.
This map lists the essential techniques to bypass anti-virus and EDR
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
ThePhish: an automated phishing email analysis tool
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Project for tracking publicly disclosed DLL Hijacking opportunities.
Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
Abusing impersonation privileges through the "Printer Bug"
Real-time face swap for PC streaming or video calls
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)