Pinned Repositories
ClipboardHistoryThief
POC tool to extract all persistent clipboard history data from clipboard service process memory
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
GhostTask
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
Quser-BOF
Cobalt Strike BOF implementation of quser.exe using the Windows API
RDPHijack-BOF
Cobalt Strike Beacon Object File (BOF) that uses the WinStationConnect API to perform local/remote RDP session hijacking.
SCCMVNC
A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to the SCCM server.
ScheduleRunner
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
ServiceMove-BOF
A new lateral movement technique that abuses the Windows Perception Simulation Service to achieve code execution through DLL hijacking.
Suspended-Thread-Injection
Another meterpreter injection technique using C# that attempts to bypass Defender
TrustedPath-UACBypass-BOF
Cobalt Strike Beacon Object File implementation of the trusted path UAC bypass. The target executable is called without involving "cmd.exe" by using a DCOM object.
netero1010's Repositories
netero1010/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
netero1010/GhostTask
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
netero1010/ScheduleRunner
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
netero1010/RDPHijack-BOF
Cobalt Strike Beacon Object File (BOF) that uses the WinStationConnect API to perform local/remote RDP session hijacking.
netero1010/ServiceMove-BOF
A new lateral movement technique that abuses the Windows Perception Simulation Service to achieve code execution through DLL hijacking.
netero1010/TrustedPath-UACBypass-BOF
Cobalt Strike Beacon Object File implementation of the trusted path UAC bypass. The target executable is called without involving "cmd.exe" by using a DCOM object.
netero1010/Quser-BOF
Cobalt Strike BOF implementation of quser.exe using the Windows API
netero1010/SCCMVNC
A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to the SCCM server.
netero1010/ClipboardHistoryThief
POC tool to extract all persistent clipboard history data from clipboard service process memory
netero1010/Suspended-Thread-Injection
Another meterpreter injection technique using C# that attempts to bypass Defender
netero1010/SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
netero1010/Vulnerability-Disclosure
netero1010/BOFs
Collection of Beacon Object Files
netero1010/WindowsDllsExport
A list of the exports of all DLLs in C:\windows\system32\