Lists (14)
Stars
windows-kernel-exploits Windows平台提权漏洞集合
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
Abusing impersonation privileges through the "Printer Bug"
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Situational Awareness commands implemented using Beacon Object Files
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditiona…
Execute unmanaged Windows executables in CobaltStrike Beacons
A way to delete a locked file, or current running executable, on disk.
Simulate the behavior of AV/EDR for malware development training.
KaynLdr is a Reflective Loader written in C/ASM
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
BOF to steal browser cookies & credentials
SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…
A Visual Studio template used to create Cobalt Strike BOFs
Research on Windows Kernel Executive Callback Objects
Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for security professionals and enthusiasts.
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
Generic PE loader for fast prototyping evasion techniques