ForsHops

Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.

无痕注入1

无痕注入1

Unorthodox and stealthy way to inject a DLL into the explorer using icons

红队 C2 框架，使用 No X Loader 技术。Red Team C2 Framework, using No X Loader technology.

POC Utilizing the new SleepMask-VS kit to utilize RC4 encryption.

kernel callback removal (Bypassing EDR Detections)

A BOF that's a BOF Loader

An even funnier way to disable windows defender. (through WSC api)

An easy-to-use and powerful Macro for Stack Spoofing.

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Smart keylogging capability to steal SSH Credentials including password & Private Key

C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, pivot and more.

A Windows PE loader with full TLS (Thread Local Storage) support (manual mapper)

支持x86/x64的DLL和Shellcode 的Windows注入的免杀工具

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Obfuscate specific windows apis with different apis

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging

Cobaltstrike Reflective Loader with Synthetic Stackframe

Sleep obfuscation

🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python

Shoggoth: Asmjit Based Polymorphic Encryptor