This is your work, valued
HiddenDesktop. HVNC for Cobalt Strike
1.3kMalleable-CS-Profiles. A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
534dcomhijack. Lateral Movement Using DCOM and DLL Hijacking
327LayeredSyscall. Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
311GregsBestFriend. GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
207WMIExec. Set of python scripts which perform different ways of command execution via WMI protocol.
167Winsocky. Winsocket for Cobalt Strike.
105Warmer. Selenium-based Python script to automate sending emails to warm up your sender reputation and improve email deliverability
94FuncAddressPro. A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
74StackMask. A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
68Illicit-Services-Enum-Script. Python
68slack-udc2. Cobalt Strike UDC2 implementation that provides an Slack C2 channel
68docker-cobaltstrike. Docker container for running CobaltStrike 4.7 and above
25KnAIght. A modern, scalable web application for obfuscating prompts to bypass AI detection systems.
25wkl-gophish. WKl Gophish based on Sneaky Gophish
12WKL-Passwords. Wordlist, rules and masks from White Knight Labs
8async-callback-thread-injection. ODPC / White Knight Labs: educational async callback thread injection—C# demos stage OpenProcess→VirtualAllocEx→WPM via EnumUILanguagesA/EnumSystemLocalesA, then CreateRemoteThread or NtCreateThreadEx (CallbackInject / CallbackInjectNested).
4windows-server-2025-x64-calc-shellcode. Position-independent x64 Windows shellcode that dynamically resolves WinExec via PEB walking and export hashing, with a loader-patched ExitThread epilogue for clean thread termination. Built for White Knight Labs training courses.
4okta-mfa-check. OKTA MFA Check using Python and Selenium. Tool checks valid OKTA accounts to determine which MFA options are enabled/disabled
3