Stars
Defanged malware stages from the litellm 1.82.8 PyPI supply chain compromise — credential stealer, K8s lateral movement, C2 backdoor
A tool for pentesters to find candies in SharePoint
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or…
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
Dump cookies and credentials directly from Chrome/Edge process memory
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
Exploit for the CVE-2024-5806
.NET AWS Lambda function for redirecting traffic to a Cobalt Strike C2 server
Automated AWS serverless infrastructure for Red Team C2 redirectors
A script that can be deployed to Azure App for C2 / Proxy / Redirector
Leveraging AWS Lambda Function URLs for C2 Redirection
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
Companion content for my 'Fun with Office Macros' webcast.
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
PoC for UUID shellcode execution using DInvoke
Hardened Proof of Concept of D/Invoke Process Injection malware