This is your work, valued

EspressoCake

Expert
@EspressoCake

Somewhere, doing something.

Defender_Exclusions-BOF. A BOF to determine Windows Defender exclusions.

257

Self_Deletion_BOF. BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs

187

DLL-Hijack-Search-Order-BOF. DLL Hijack Search Order Enumeration BOF

148

PPLDump_BOF. A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.

142

Firewall_Walker_BOF. A BOF to interact with COM objects associated with the Windows software firewall.

114

HandleKatz_BOF. A BOF port of the research of @thefLinkk and @codewhitesec

105

DLL-Exports-Extraction-BOF. DLL Exports Extraction BOF with optional NTFS transactions.

93

BeaconDownloadSync.

93

DLL_Imports_BOF. A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.

87

Defender-Exclusions-Creator-BOF. C++

85

Toggle_Token_Privileges_BOF. Syscall BOF to arbitrarily add/detract process token privilege rights.

68

Process_Protection_Level_BOF. C

60

BOF_Development_Docker. A VSCode devcontainer for development of COFF files with batteries included.

50

BetterPipename. Example of using Sleep to create better named pipes.

41

BOF_NativeAPI_Definitions-VSCode. A VSCode plugin to assist with BOF development.

37

Cobalt_Strike_Ansible. A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.

33

ADIDNS_Parser. Parser and reconciliation tooling for large Active Directory environments.

33

Needle_Sift_BOF. Strstr with user-supplied needle and filename as a BOF.

32

DefenderPathExclusions. Creation and removal of Defender path exclusions and exceptions in C#.

32

ReadRemoteProcessCommandline_BOF. C

29

NativeFunctionStaticMap. A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.

28

DynamicTabRename. CNA that interacts with a JAR file to dynamically rename GUI tabs within Cobalt Strike from a JSON file.

25

cIdentifyServiceDependencies_BOF. Beacon Object File (BOF) for identifying dependent child services of a given parent.

19

MITRE_ATTACK_CLI. CLI Search for Security Operators of MITRE ATT&CK URLs

17

DLL_Version_Enumeration_BOF. A BOF for enumerating version information for DLLs associated for a Beacon process.

16

Bloodhound_Community_Docker. Generator of docker-compose file to allow secure configurations and multi-deployment strategy.

12

EntropyFix. reducing the entropy of your payload

11

Aggressor_Scripts. A compilation of Aggressor/Sleep scripts for operational purposes that I've made.

11

RecreateCSDownloadsTree. Generation of TOML metadata for recreating directory structures from Cobalt Strike Beacon downloads.

9

PII_Generator. Fake PII Generator

3

nmapdb. A project built upon a loathing of XML.

2

ligolo-ng. An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

2

SCShell. Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

1

ExampleCNARollup.

1

SharpHose. Asynchronous Password Spraying Tool in C# for Windows Environments

1

TitanLdr. Public variation of Titan Loader

1

gistfetch. Command-line utility to grab Github gists from your own account.

1

adidns_walker. Parse records of ADIDNS dumped data for valid A records with associated IP addresses

1

SituationalAwareness. Quick utilities for situational awareness of endpoints within Cobalt Strike's beacons with execute-assembly.

1