Sliver Armory
The finest collection of open-source armaments, curated for the aspiring cyberwar profiteer.
Pinned Repositories
armory
The Official Sliver Armory
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
COFFLoader
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
hashdump
Dump Windows SAM hashes
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
libreflect
nanodump
Dump LSASS like you mean it
private-armory
A self-hosted Armory implementation.
Sliver Armory's Repositories
sliverarmory/libreflect
sliverarmory/InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
sliverarmory/nopowershell
PowerShell rebuilt in C# for Red Teaming purposes
sliverarmory/ServiceMove-BOF
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
sliverarmory/HandleKatz_BOF
A BOF port of the research of @thefLinkk and @codewhitesec
sliverarmory/KillDefenderBOF
Beacon Object File PoC implementation of KillDefender
sliverarmory/SCShell
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
sliverarmory/secinject
Section Mapping Process Injection (secinject): Cobalt Strike BOF
sliverarmory/tgtdelegation
tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
sliverarmory/bof-collection
Collection of Beacon Object Files (BOF) for Cobalt Strike
sliverarmory/BofRoast
Beacon Object Files for roasting Active Directory
sliverarmory/BOFs
Collection of Beacon Object Files
sliverarmory/DelegationBOF
sliverarmory/DragonCastle
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
sliverarmory/HOLLOW
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
sliverarmory/KDStab
BOF combination of KillDefender and Backstab
sliverarmory/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
sliverarmory/LdapSignCheck
Beacon Object File & C# project to check LDAP signing
sliverarmory/LockSmith
ObjectiveC CLI tool for interacting with macOS Keychain
sliverarmory/PS
sliverarmory/Sharp-SMBExec
SMBExec C# module
sliverarmory/SharpEfsPotato
Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
sliverarmory/SharpHose
Asynchronous Password Spraying Tool in C# for Windows Environments
sliverarmory/SharpHound
sliverarmory/SharpHound3
C# Data Collector for the BloodHound Project, Version 3
sliverarmory/SharpMapExec
sliverarmory/SharpSecDump
.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
sliverarmory/SharpUp
SharpUp is a C# port of various PowerUp functionality.
sliverarmory/SharpWMI
SharpWMI is a C# implementation of various WMI functionality.
sliverarmory/unhook-bof
Remove API hooks from a Beacon process.