- London, UK
- ajpc500.github.io
- @ajpc500
Stars
More examples using the Impacket library designed for learning purposes.
Alternative Shellcode Execution Via Callbacks
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
Inject .NET assemblies into an existing process
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
Robust and practical application control for Windows
A centralized resource for previously documented WDAC bypass techniques
Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
Simple (relatively) things allowing you to dig a bit deeper than usual.
A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.
Example of running C3 (https://github.com/FSecureLABS/C3) in a Docker container
BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs
Rust Weaponization for Red Team Engagements.
A header-only C++ library for accessing files in COFF binary format. (Including Windows PE/PE+ formats)
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
dnSpyEx / dnSpy
Forked from dnSpy/dnSpy. Unofficial revival of the well-known .NET debugger and assembly editor, dnSpy
Research code & papers from members of vx-underground.
Collection of remote authentication triggers in C#
SigFlip is a tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript