Stars
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
Simple (relatively) things allowing you to dig a bit deeper than usual.
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Research code & papers from members of vx-underground.
A modern 32/64-bit position independent implant template
proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
Execute unmanaged Windows executables in CobaltStrike Beacons
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Collection of Beacon Object Files (BOF) for Cobalt Strike
EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
Exploiting DLL Hijacking by DLL Proxying Super Easily
Inject .NET assemblies into an existing process
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
.NET assembly loader with patchless AMSI and ETW bypass
A shellcode function to encrypt a running process image when sleeping.
xforcered / BokuLoader
Forked from boku7/BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!