This is your work, valued
Somewhere, doing something.
Defender_Exclusions-BOF. A BOF to determine Windows Defender exclusions.
257Self_Deletion_BOF. BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs
187DLL-Hijack-Search-Order-BOF. DLL Hijack Search Order Enumeration BOF
148PPLDump_BOF. A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
142Firewall_Walker_BOF. A BOF to interact with COM objects associated with the Windows software firewall.
114HandleKatz_BOF. A BOF port of the research of @thefLinkk and @codewhitesec
105DLL-Exports-Extraction-BOF. DLL Exports Extraction BOF with optional NTFS transactions.
93BeaconDownloadSync.
93DLL_Imports_BOF. A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.
87Defender-Exclusions-Creator-BOF. C++
85Toggle_Token_Privileges_BOF. Syscall BOF to arbitrarily add/detract process token privilege rights.
68Process_Protection_Level_BOF. C
60BOF_Development_Docker. A VSCode devcontainer for development of COFF files with batteries included.
50BetterPipename. Example of using Sleep to create better named pipes.
41BOF_NativeAPI_Definitions-VSCode. A VSCode plugin to assist with BOF development.
37Cobalt_Strike_Ansible. A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.
33ADIDNS_Parser. Parser and reconciliation tooling for large Active Directory environments.
33Needle_Sift_BOF. Strstr with user-supplied needle and filename as a BOF.
32DefenderPathExclusions. Creation and removal of Defender path exclusions and exceptions in C#.
32ReadRemoteProcessCommandline_BOF. C
29NativeFunctionStaticMap. A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
28DynamicTabRename. CNA that interacts with a JAR file to dynamically rename GUI tabs within Cobalt Strike from a JSON file.
25cIdentifyServiceDependencies_BOF. Beacon Object File (BOF) for identifying dependent child services of a given parent.
19MITRE_ATTACK_CLI. CLI Search for Security Operators of MITRE ATT&CK URLs
17DLL_Version_Enumeration_BOF. A BOF for enumerating version information for DLLs associated for a Beacon process.
16Bloodhound_Community_Docker. Generator of docker-compose file to allow secure configurations and multi-deployment strategy.
12EntropyFix. reducing the entropy of your payload
11Aggressor_Scripts. A compilation of Aggressor/Sleep scripts for operational purposes that I've made.
11RecreateCSDownloadsTree. Generation of TOML metadata for recreating directory structures from Cobalt Strike Beacon downloads.
9PII_Generator. Fake PII Generator
3nmapdb. A project built upon a loathing of XML.
2ligolo-ng. An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
2SCShell. Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
1ExampleCNARollup.
1SharpHose. Asynchronous Password Spraying Tool in C# for Windows Environments
1TitanLdr. Public variation of Titan Loader
1gistfetch. Command-line utility to grab Github gists from your own account.
1adidns_walker. Parse records of ADIDNS dumped data for valid A records with associated IP addresses
1SituationalAwareness. Quick utilities for situational awareness of endpoints within Cobalt Strike's beacons with execute-assembly.
1