PELoader. PE loader with various shellcode injection techniques
454DuplicateDump. Dumping LSASS with a duplicated handle from custom LSA plugin
207BYOVDKit. bring your own vulnerable driver
124BOF-DCOMPotato-PrintNotify. Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.
103RemotePatcher. Patch AMSI and ETW in remote process via direct syscall
84AbuseAzureAPIPermissions. Abuse Azure API permissions for red teaming
72herpaderply_hollowing. Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
69CVE-2024-2432-PaloAlto-GlobalProtect-EoP. C++
64BOF-SprayAD. Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
47DumpAADSyncCreds. C# implementation of Get-AADIntSyncCredentials from AADInternals, which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.
47CertifyKit. Active Directory certificate abuse
43BOF-CredUI. Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
24BOF-RemoteRegSave. Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
18DumpAADUserRPT. DumpAADUserRPT is C# implementation of Get-AADIntUserPRTToken from AADInternals which obtain Primary Refresh Token
13ForeScout-SecureConnector-EoP. Arbitrary File Delete in Forescout SecureConnector before 11.3.06.0063
6ReadWrite-DCOM. Perform directory listing, read and write file on remote computer via DCOM methods
4webAccess-arbitrary-read-write. Python
1CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient. C++
1