BokuLoader. A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
1.4kLoki. 🧙♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
1.4kazureOutlookC2. Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
501spawn. Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
467Ninja_UUID_Runner. Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
450injectAmsiBypass. Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
380injectEtwBypass. CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
300HOLLOW. EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
290StringReaper. Reaping treasures from strings in remote processes memory
288AsmHalosGate. x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
240patchwerk. BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
218whereami. Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
186winx64-InjectAllProcessesMeterpreter-Shellcode. 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
131halosgate-ps. Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
109HellsGatePPID. Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
107XSS-Clientside-Attacks. A repository of JavaScript XSS attacks against client browsers
106Nobelium-PdfDLRunAesShellcode. A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
99xPipe. Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
97x64win-DynamicNoNull-WinExec-PopCalc-Shellcode. 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free
65x64win-AddRdpAdminShellcode. 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
38tailorMS-rXSS-Keylogger. Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keys pressed via unauthenticated victim clicking malicious URL and typing.
25StockManagement-XSS-Login-CredHarvester. Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.
21OffensiveRust. Rust Weaponization for Red Team Engagements.
16DarkWidow. Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
15gsSMTP-Csrf2Xss2RCE. Python
14SCMKit. Source Code Management Attack Toolkit
13LibreHealth-authRCE. LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.
12gsCMS-CustomJS-Csrf2Xss2Rce. GetSimple CMS Custom JS Plugin Exploit RCE Chain
11slae64. Repo for SLAE64 Exam
11CVE-2020-23839. Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal
11boku7.github.io. Blog
10GetSimple-SmtpPlugin-CSRF2RCE. GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
9LoudSunRun. My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
7BikeRental-FU-RCE. Python
7beacon. Former attempt at creating a independent Cobalt Strike Beacon
7Ares. Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
7onlineCourseReg-RCE. From 0 to Remote Code Execution - exploit development files for Online Course Registration Web Application RCE
6Apollo. A .NET Framework 4.0 Windows Agent
6DayBird. Extension functionality for the NightHawk operator client
5GraphRunner. A Post-exploitation Toolset for Interacting with the Microsoft Graph API
5homeRent-SQLi-RCE. House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver via sending a malicious POST request.
4BOFMask. C
4fuzzingFTP. Python scripts for fuzzing FTP servers, with percision, over TCP
4ADOKit. Azure DevOps Services Attack Toolkit
4LOLBAS. Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
3StandIn. StandIn is a small .NET35/45 AD post-exploitation toolkit
2Windows_LPE_AFD_CVE-2023-21768. LPE exploit for CVE-2023-21768
2nt5src. Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
2AV_Bypass-Splitter. Splitter script to identify Anti-Virus signature of an executable
2burp-jars.
2cobalt_strike_extension_kit. Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
1Havoc. The Havoc Framework
1msspray. Password attacks and MFA validation against various endpoints in Azure and Office 365
1CS-Situational-Awareness-BOF. Situational Awareness commands implemented using Beacon Object Files
1CheatSheets. Cheat sheets for various projects.
1