Starred repositories
A signal handler race condition in OpenSSH's server (sshd).
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll.
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.
BOF to steal browser cookies & credentials
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
An alternative screenshot capability for Cobalt Strike that uses the WinAPI and does not perform a fork & run. The screenshot is downloaded in memory.
A small x64 library to load DLLs into memory.
A beacon object file implementation of PoolParty Process Injection Technique.
C++ self-injecting dropper based on various EDR evasion techniques.
Another No-Fix LPE: NTLMRelay2Self over HTTP (WebDAV).
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Encrypted shellcode injection to avoid kernel-triggered memory scans.
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
.NET assembly loader with patchless AMSI and ETW bypass
Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
A tiny reverse SOCKS5 proxy written in C.
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
A BOF to automate common persistence tasks for red teamers