Phantom Tap (PhanTap) - an ‘invisible’ network tap aimed at red teams

Cobalt Strike HTTPS beaconing over Microsoft Graph API

tools

A command-line network packet crafting and injection utility

Executes PowerShell from an unmanaged process

Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

iOS 11.1.2 (15B202) Jailbreak

PoC for CVE-2021-3156 (sudo heap overflow)

Web Fuzzer

LPE exploit for CVE-2023-21768

Course materials for hackaday.io Ghidra training

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.

CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)

Cobalt Strike BOF for evasive .NET assembly execution

Tool to extract Kerberos tickets from Linux kernel keys.

Library and tools to access the Windows Shortcut File (LNK) format

An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution

Malicious USB

Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique

Determine if the WebClient Service (WebDAV) is running on a remote system

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.

Scalpel; File Carving. Configuration files are modified.

Collection of Beacon Object Files (BOFs) for shells and lols