Pinned Repositories
BeaconNotifier-Discord
Cobalt Strike CNA script to notify you via Discord whenever there is a new beacon.
BOF-patchit
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 processes. Both syscall and dynamic-resolve versions are available.
CobaltStrikeReflectiveLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
PerunsFart-PPID
Userland API hooking bypass using PerunsFart, spawning the created process with a spoofed PPID
sleepmask_ekko_cfg
Code snippets to add on top of the Cobalt Strike sleepmask kit so that ekko can work in a CFG-protected process
sleepmask_PatchlessHook
Code snippets to add on top of the Cobalt Strike sleep mask to achieve a patchless hook on AMSI and ETW
SuperSharpShooter
Payload Generation Framework
sw2-secinject
Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF
SysmonQuiet
RDLL for Cobalt Strike beacon to silence the Sysmon process
vba_bin_runner
Basic Python tools to generate a shellcode runner in VBA
ScriptIdiot's Repositories
ScriptIdiot/EDRSilencer
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
ScriptIdiot/GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
ScriptIdiot/Kerbeus-BOF
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
ScriptIdiot/ScrapedIn
A tool to scrape LinkedIn without API restrictions for data reconnaissance
ScriptIdiot/SuperSharpShares
SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your associated domain account.
ScriptIdiot/wifi-pentesting-guide
WiFi Penetration Testing Guide
ScriptIdiot/ADCSCoercePotato
ScriptIdiot/ADOKit
Azure DevOps Services Attack Toolkit
ScriptIdiot/Artillery
CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
ScriptIdiot/BobTheSmuggler
"Bob the Smuggler": A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into 7z/zip file format, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (image polyglots).
ScriptIdiot/ClickOnce-AppDomain-Manager-Injection
Click Once + App Domain
ScriptIdiot/Cloudflare-Redirector
Just another C2 Redirector using CloudFlare.
ScriptIdiot/cmloot
ScriptIdiot/crtsh
A Python script to get subdomains using https://crt.sh
ScriptIdiot/CsWhispers
Source generator to add D/Invoke and indirect syscall methods to a C# project.
ScriptIdiot/DynamicDotNet
A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
ScriptIdiot/EnumEDR
Some .NET assemblies used to enumerate a host. Best when they are loaded into memory.
ScriptIdiot/evilginx2-TTPs
Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and notes on usage.
ScriptIdiot/Free445-BOF
ScriptIdiot/Frida-Labs
The repo contains a series of challenges for learning Frida for Android Exploitation.
ScriptIdiot/InjectKit
Modified versions of the Cobalt Strike Process Injection Kit
ScriptIdiot/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
ScriptIdiot/LdrLibraryEx
A small x64 library to load DLLs into memory.
ScriptIdiot/LocalPotato
ScriptIdiot/LocklessBof
Lockless BOF
ScriptIdiot/misc_exe
ScriptIdiot/SharpADWS
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
ScriptIdiot/SharpLateral
Lateral Movement
ScriptIdiot/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
ScriptIdiot/Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft