luom's Stars
kingToolbox/WindTerm
A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
klezVirus/inceptor
Template-Driven AV/EDR Evasion Framework
roadwy/RIP
klezVirus/SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
boku7/BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Twi1ight/CSAgent
Generic CobaltStrike 4.x loader for unlicensed use, with Chinese localization
Tylous/SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
CCob/BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
bats3c/ADCSPwn
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
HoShiMin/HookLib
A function interception library written in pure C and NativeAPI, with user-mode and kernel-mode support
Idov31/FunctionStomping
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
hlldz/RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR products. To bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection from the LdrpThunkSignature array.
ly4k/CallbackHell
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
boku7/azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
cube0x0/SharpSystemTriggers
Collection of remote authentication triggers in C#
r-lyeh-archived/sole
Sole is a lightweight C++11 library to generate universally unique identifiers (UUID), both v1 and v4.
XiaoliChan/wmiexec-RegOut
Modified version of impacket's wmiexec.py that retrieves output (data, response) from the registry, needs no SMB connection, and also bypasses antivirus software during lateral movement, like WMIHACKER.
dtmsecurity/bof_helper
Beacon Object File (BOF) Creation Helper
outflanknl/HelpColor
Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type
Ridter/RelayX
NTLM relay test.
waldo-irc/LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
Sh0ckFR/InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
anthemtotheego/Detect-Hooks
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
mez-0/winrmdll
C++ WinRM API via Reflective DLL
NoOne-hub/Beacon.dll
Reverse engineering of Beacon.dll
Mikiya83/hbs_decipher
HBS decipher tool for QNAP (not official)
NoOne-hub/bypass-BeaconEye
Bypass BeaconEye
mark-s/QnapBackupDecryptor
A tool to decrypt QNAP NAS encrypted backup files (not sync files) created using the QNAP Hybrid Backup Sync tool.
vletoux/RPCForSMBLibrary
Extension of SMBLibrary for RPC calls
ReneNyffenegger/tq84-OCI
Simple OCI (Oracle Call Interface) library in C.