This is your work, valued

Hong Kong

Chris Au

Expert
@netero1010

EDRSilencer. A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

1.9k

GhostTask. A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.

627

ScheduleRunner. A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation

347

RDPHijack-BOF. Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.

318

ServiceMove-BOF. New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.

303

TrustedPath-UACBypass-BOF. Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.

144

SCCMVNC. A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.

121

Quser-BOF. Cobalt Strike BOF for quser.exe implementation using Windows API

88

ClipboardHistoryThief. POC tool to extract all persistent clipboard history data from clipboard service process memory

60

OffensiveCommvault. Red team tool for abusing Commvault to achieve lateral movement, persistence, and file collection.

9

SysWhispers3. SysWhispers on Steroids - AV/EDR evasion via direct system calls.

3

Suspended-Thread-Injection. Another meterpreter injection technique using C# that attempts to bypass Defender

3

Vulnerability-Disclosure.

2

WindowsDllsExport. A list of all the DLLs export in C:\windows\system32\

1