Direct Memory Access (DMA) Attack Software

Simple (relatively) things allowing you to dig a bit deeper than usual.

Hiding kernel-driver for x86/x64.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

A modern 32/64-bit position independent implant template

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

Sleep Obfuscation

A .NET Runtime for Cobalt Strike's Beacon Object Files

Various Cobalt Strike BOFs

Collection of Beacon Object Files (BOF) for Cobalt Strike

Red Team C code repo

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

A small x64 library to load dll's into memory.

A tiny Reverse Sock5 Proxy written in C :V

Evasion kit for Cobalt Strike

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

C or BOF file to extract WebKit master key to decrypt user cookie

Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.

Simple EDR implementation to demonstrate bypass

DLL Generator for side loading attack

A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike

Local SYSTEM auth trigger for relaying - X

Repository containing all training and tutorials completed in preparation for the OSEE in conjunction with the AWE course.

Boilerplate to develop raw and truly Position Independent Code (PIC).

Alternative Read and Write primitives using Rtl* functions the unintended way.

Payload Obfuscation for Red Teams workshop materials

A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.

Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible in memory.

A Crystal Palace shared library to resolve & perform syscalls