Pinned Repositories
BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
BOF.NET
A .NET Runtime for Cobalt Strike's Beacon Object Files
DRSAT
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
lsarelayx
NTLM relaying for Windows made easy
MirrorDump
Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
okta-terrify
Okta Verify and Okta FastPass Abuse Tool
SharpBlock
A method of bypassing EDR's active projection DLLs by preventing entry point execution
SweetPotato
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
ThreadlessInject
Threadless Process Injection using remote function hooking.
Volumiser
CCob's Repositories
CCob/SweetPotato
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
CCob/SharpBlock
A method of bypassing EDR's active projection DLLs by preventing entry point execution
CCob/BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
CCob/ThreadlessInject
Threadless Process Injection using remote function hooking.
CCob/BOF.NET
A .NET Runtime for Cobalt Strike's Beacon Object Files
CCob/lsarelayx
NTLM relaying for Windows made easy
CCob/Volumiser
CCob/okta-terrify
Okta Verify and Okta FastPass Abuse Tool
CCob/DRSAT
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
CCob/MinHook.NET
A C# port of the MinHook API hooking library
CCob/Shwmae
CCob/gssapi-abuse
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
CCob/PIVert
CCob/dnMerge
A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependent assemblies.
CCob/ProvisionAppx
CCob/bittrex4j
Java library for accessing the Bittrex Web APIs and Web Sockets
CCob/chlonium
Chromium Cookie import / export tool
CCob/SQL-BOF
Library of BOFs to interact with SQL servers
CCob/Rubeus
Trying to tame the three-headed dog.
CCob/InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module
CCob/nodebb-plugin-onesignal
Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet
CCob/sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
CCob/Certify
Active Directory certificate abuse.
CCob/impacket
Impacket is a collection of Python classes for working with network protocols.
CCob/AceLdr
Cobalt Strike UDRL for memory scanner evasion.
CCob/chisel
A fast TCP/UDP tunnel over HTTP
CCob/SharpHoundCommon
Common library used by SharpHound.
CCob/socks5
SOCKS5 server in Golang
CCob/SSH.NET
SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.
CCob/titanldr-ng
A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.