X-Force Red
IBM Corporation and the author are not responsible or liable for any code hosted here or its use cases.
Pinned Repositories
ADOKit
Azure DevOps Services Attack Toolkit
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
CredBandit
Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in-memory dump of a process and send that back through your already existing Beacon communication channel
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module
InvisibilityCloak
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
SCMKit
Source Code Management Attack Toolkit
SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
WFH
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
X-Force Red's Repositories
xforcered/Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
xforcered/InvisibilityCloak
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
xforcered/SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
xforcered/BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
xforcered/ADOKit
Azure DevOps Services Attack Toolkit
xforcered/StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
xforcered/CredBandit
Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in-memory dump of a process and send that back through your already existing Beacon communication channel
xforcered/InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module
xforcered/WFH
xforcered/SCMKit
Source Code Management Attack Toolkit
xforcered/BOFMask
xforcered/Dendrobate
Managed code hooking template.
xforcered/Detect-Hooks
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
xforcered/xPipe
Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
xforcered/AdvSim.Cryptography
Simple and sane cryptographic wrapper library.
xforcered/DayBird
Extension functionality for the NightHawk operator client
xforcered/GetWebDAVStatus
Determine if the WebClient Service (WebDAV) is running on a remote system
xforcered/scan4log4shell
A Burp Pro extension that adds log4shell checks to Burp Scanner.
xforcered/VectoredExceptionHandling
xforcered/Windows_MSKSSRV_LPE_CVE-2023-36802
LPE exploit for CVE-2023-36802
xforcered/elfpack
ELF Sectional docking payload injector system
xforcered/AdvSim.Compression
Simple and sane compression wrapper library.
xforcered/CheckCert
Obtain and parse SSL certificates
xforcered/wubblegum
A smart card reconnaissance tool able to map out many different kinds of smart cards.
xforcered/python_intruder_payloads
A Burp Suite extension to allow Burp Intruder payloads to be processed and generated using custom Python scripts.
xforcered/goEnum
goEnum is a modular and system-agnostic enumeration framework