Pinned Repositories
BatDLLLoader
BatBasic BatDLL BatLoader and injection into a Bat Process.
BEAR
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine.
Cable
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
CobaltStrike_RedTeam_CheatSheet
Useful Cobalt Strike techniques learned from engagements
earlycascade-injection
Early Cascade injection PoC based on Outflank's blog post
Ghost
Evasive shellcode loader
LMStudio-FE
Short and simple front-end for LM Studio Self Hosted.
PowerCrypt
The best PowerShell obfuscator ever made
recaptcha-phish
Phishing with a fake reCAPTCHA
RobineC2
C2 that would probably bypass everything since it's so simple, but with not many features beyond executing commands and getting info from the victim machine.
breachlabs-org's Repositories
breachlabs-org/LsassReflectDumping
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process.
breachlabs-org/Ghost
Evasive shellcode loader
breachlabs-org/Phantom
XOR-encrypted shellcode injector for memory-based execution in remote processes, with integrated anti-analysis techniques.
breachlabs-org/BEAR
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine.
breachlabs-org/nanodump
The swiss army knife of LSASS dumping
breachlabs-org/recaptcha-phish
Phishing with a fake reCAPTCHA
breachlabs-org/BYOVD
Some PoCs for my BYOVD research and for finding some vulnerable drivers
breachlabs-org/Rust-for-Malware-Development
This repository contains my complete resources and coding practices for malware development using Rust 🦀.
breachlabs-org/zphisher
An automated phishing tool with 30+ templates. This tool is made for educational purposes only! The author will not be responsible for any misuse of this toolkit!
breachlabs-org/Hellshazzard
Indirect Syscall implementation to bypass userland NTAPIs hooking.
breachlabs-org/DigDug
breachlabs-org/VehViolator
Execute via the VEH Handler
breachlabs-org/DirtyCLR
An App Domain Manager Injection DLL PoC on steroids
breachlabs-org/MSC_Dropper
breachlabs-org/specula
breachlabs-org/OperatorsKit
Collection of Beacon Object Files (BOF) for Cobalt Strike
breachlabs-org/GoRedOps
🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language. All of it is made for educational purposes only.
breachlabs-org/skuld
Next-Gen Stealer written in Go. Stealing from Discord, Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)
breachlabs-org/BenevolentLoader
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
breachlabs-org/GhostlyHollowingViaTamperedSyscalls
Implementing the ghostly hollowing PE injection technique using tampered syscalls.
breachlabs-org/makephish
Automatically clone websites and patch them with PHP to create phishing pages
breachlabs-org/xeno-rat
Xeno-RAT is an open-source remote access tool (RAT) developed in C#, providing a comprehensive set of features for remote system management. Has features such as HVNC, live microphone, reverse proxy, and much much more!
breachlabs-org/FormThief
Spoofing desktop login applications with WinForms and WPF
breachlabs-org/MultiDump
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
breachlabs-org/InflativeLoading
Dynamically convert a native EXE to PIC shellcode by appending a shellcode stub
breachlabs-org/SharpSelfDelete
PoC to self-delete a binary in C#
breachlabs-org/ExecIT
Execute shellcode files with rundll32
breachlabs-org/powerview.py
Just another Powerview alternative
breachlabs-org/etwunhook
Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
breachlabs-org/RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process