Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.

Cobalt Strike BOF for evasive .NET assembly execution

CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking

Cybersecurity research results. Simple C/C++ and Python implementations

Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.

Reaping treasures from strings in remote processes memory

EDRSandblast-GodFault

Native Syscalls Shellcode Injector

Obex – Blocking unwanted DLLs in user mode

Generate FUD backdoors

Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.

Admin to Kernel code execution using the KSecDD driver

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

RISC-V Virtual Machine

Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for security professionals and enthusiasts.

Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).

Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.

Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread

Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.

Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven

VirtualBox Git mirror

Reflective DLL Injection Made Bella

CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWh…

Generic PE loader for fast prototyping evasion techniques

RunPE implementation with multiple evasive techniques

This is a simple example and explanation of obfuscating API resolution via hashing

A shell for Windows Native Mode

Zipper, a CobaltStrike file and folder compression utility.

transform your payload into ipv4/ipv6/mac arrays