Pinned Repositories
ad-password-protection
Active Directory password filter featuring breached password checking and custom complexity rules
AD_Miner
AD Miner is an Active Directory audit tool that leverages Cypher queries to crunch data from the BloodHound graph database to uncover security weaknesses
ADCSCoercePotato
ADCSPwnNG
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
AlanFramework
A C2 post-exploitation framework
Alcatraz
x64 binary obfuscator
Amsi-Bypass-Powershell
This repo contains some AMSI bypass methods I found on different blog posts.
CVE-2020-1472_ZeroLogonChecker
C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon
netexec-cheat-sheet
A cheat sheet for CrackMapExec and NetExec
SharpZeroLogon
Zerologon Exploiter I used on Cobalt Strike
CPO-EH's Repositories
CPO-EH/ad-password-protection
Active Directory password filter featuring breached password checking and custom complexity rules
CPO-EH/ADCSPwnNG
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
CPO-EH/Alcatraz
x64 binary obfuscator
CPO-EH/BlackLotus
BlackLotus UEFI Windows Bootkit
CPO-EH/Chimera
Automated DLL Sideloading Tool With EDR Evasion Capabilities
CPO-EH/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
CPO-EH/CompMgmtLauncher_DLL_UACBypass
CompMgmtLauncher & SharePoint DLL search-order hijacking for UAC bypass/persistence via OneDrive
CPO-EH/cs2br-bof
CPO-EH/D1rkInject
Another approach to threadless injection (discovered by @_EthicalChaos_), written in C, that loads a module into the target process, stomps it, and then reverts the memory protections and original memory state
CPO-EH/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
CPO-EH/DavRelayUp
DavRelayUp - a universal no-fix local privilege escalation on domain-joined Windows workstations where LDAP signing is not enforced (the default setting).
CPO-EH/DonPAPI
Dumping DPAPI credz remotely
CPO-EH/EasyPen
EasyPen is a GUI program that helps pentesters with target discovery, vulnerability scanning and exploitation
CPO-EH/elevationstation
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
CPO-EH/ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
CPO-EH/FilelessRemotePE
Loading a fileless remote PE from a URI into memory with argument passing, ETW patching, NTDLL unhooking and the No New Thread technique
CPO-EH/Freeze
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
CPO-EH/fuxploider
File upload vulnerability scanner and exploitation tool.
CPO-EH/GregsBestFriend
GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
CPO-EH/KRBUACBypass
UAC Bypass By Abusing Kerberos Tickets
CPO-EH/log4shell-detector
Detector for Log4Shell exploitation attempts
CPO-EH/Medusa
LD_PRELOAD Rootkit
CPO-EH/Obligato
This project is an implant framework designed for long term persistent access to Windows machines.
CPO-EH/PersistBOF
CPO-EH/PhoenixC2
Command & Control-Framework created for collaboration in python3
CPO-EH/S4UTomato
Escalate Service Account To LocalSystem via Kerberos
CPO-EH/TeamsPhisher
Send phishing messages and attachments to Microsoft Teams users
CPO-EH/VMUnprotect
VMUnprotect can dynamically log and manipulate calls from methods virtualized by VMProtect.
CPO-EH/VMUnprotect.Dumper
VMUnprotect.Dumper can dynamically untamper VMProtect-protected assemblies.
CPO-EH/yetAnotherObfuscator
C# obfuscator that bypasses Windows Defender