Simple (relatively) things allowing you to dig a bit deeper than usual.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Situational Awareness commands implemented using Beacon Object Files
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Complete list of LPE exploits for Windows (starting from 2023)
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from the Kernel. It generates launchers that can run malware on the victim using the Process Ghosting…
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
A list of all the DLL exports in C:\windows\system32\
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditiona…
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.