Pinned Repositories
CVE-2018-8174-msf
CVE-2018-8174 - VBScript memory corruption exploit.
DNS-Persist
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
DropboxC2C
DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.
IIS-Raid
A native backdoor module for Microsoft IIS (Internet Information Services)
raven
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
RdpThief
Extracting Clear Text Passwords from mstsc.exe using API Hooking.
RsaTokenExtractor
A simple toolkit on extracting RSA Software Tokens from RSA SecureID
WordSteal
This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
Browser-ExternalC2
External C2 Using IE COM Objects
o365-attack-toolkit
A toolkit to attack Office365
0x09AL's Repositories
0x09AL/WordSteal
This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
0x09AL/0x09al.github.io
0x09AL/CVE-2020
2020一些漏洞
0x09AL/Whisker
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
0x09AL/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
0x09AL/DFSCoerce
0x09AL/EDRs
0x09AL/nserver
Python DNS Name Server Framework
0x09AL/PhishingBook
红蓝对抗:钓鱼演练资源汇总&备忘录
0x09AL/AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
0x09AL/BHEU23-firmware-workshop
In this Arsenal lab session, we will extract firmware from an EV charger, dig into the firmware, and eventually emulate it so we can interact with the services in real-time.
0x09AL/BOFs
Collection of Beacon Object Files
0x09AL/CertStealer
A .NET tool for exporting and importing certificates without touching disk.
0x09AL/CLRvoyance
Managed assembly shellcode generation
0x09AL/DarkLoadLibrary
LoadLibrary for offensive operations
0x09AL/deda
0x09AL/DelegationBOF
0x09AL/DroppedConnection
0x09AL/ESC
Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
0x09AL/hermes
Swift 5 macOS agent
0x09AL/HiddenDesktop
HVNC for Cobalt Strike
0x09AL/HWSyscalls
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
0x09AL/ImHex
A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM.
0x09AL/Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
0x09AL/noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
0x09AL/poc
Proof of Concepts
0x09AL/poseidon
Poseidon is a Golang agent targeting Linux and macOS
0x09AL/sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
0x09AL/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
0x09AL/SharpSCCM
A C# utility for interacting with SCCM