United States

Bobby Cooke

Elite
@boku7

Adversary Simulation @ IBM X-Force Red

BokuLoader. A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

1.4k

Loki. 🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications

1.4k

azureOutlookC2. Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

501

spawn. Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.

467

Ninja_UUID_Runner. Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!

450

injectAmsiBypass. Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

380

injectEtwBypass. CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)

300

HOLLOW. EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode

290

StringReaper. Reaping treasures from strings in remote processes memory

288

AsmHalosGate. x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks

240

patchwerk. BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)

218

whereami. Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

186

winx64-InjectAllProcessesMeterpreter-Shellcode. 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

131

halosgate-ps. Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

109

HellsGatePPID. Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process

107

XSS-Clientside-Attacks. A repository of JavaScript XSS attacks against client browsers

106

Nobelium-PdfDLRunAesShellcode. A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn

99

xPipe. Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions

97

x64win-DynamicNoNull-WinExec-PopCalc-Shellcode. 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free

65

x64win-AddRdpAdminShellcode. 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"

38

tailorMS-rXSS-Keylogger. Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keys pressed via unauthenticated victim clicking malicious URL and typing.

25

StockManagement-XSS-Login-CredHarvester. Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.

21

OffensiveRust. Rust Weaponization for Red Team Engagements.

16

DarkWidow. Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

15

gsSMTP-Csrf2Xss2RCE. Python

14

SCMKit. Source Code Management Attack Toolkit

13

LibreHealth-authRCE. LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.

12

gsCMS-CustomJS-Csrf2Xss2Rce. GetSimple CMS Custom JS Plugin Exploit RCE Chain

11

slae64. Repo for SLAE64 Exam

11

CVE-2020-23839. Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal

11

boku7.github.io. Blog

10

GetSimple-SmtpPlugin-CSRF2RCE. GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE

9

LoudSunRun. My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven

7

BikeRental-FU-RCE. Python

7

beacon. Former attempt at creating a independent Cobalt Strike Beacon

7

Ares. Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique

7

onlineCourseReg-RCE. From 0 to Remote Code Execution - exploit development files for Online Course Registration Web Application RCE

6

Apollo. A .NET Framework 4.0 Windows Agent

6

DayBird. Extension functionality for the NightHawk operator client

5

GraphRunner. A Post-exploitation Toolset for Interacting with the Microsoft Graph API

5

homeRent-SQLi-RCE. House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver via sending a malicious POST request.

4

BOFMask. C

4

fuzzingFTP. Python scripts for fuzzing FTP servers, with percision, over TCP

4

ADOKit. Azure DevOps Services Attack Toolkit

4

LOLBAS. Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

3

StandIn. StandIn is a small .NET35/45 AD post-exploitation toolkit

2

Windows_LPE_AFD_CVE-2023-21768. LPE exploit for CVE-2023-21768

2

nt5src. Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.

2

AV_Bypass-Splitter. Splitter script to identify Anti-Virus signature of an executable

2

burp-jars.

2

cobalt_strike_extension_kit. Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

1

Havoc. The Havoc Framework

1

msspray. Password attacks and MFA validation against various endpoints in Azure and Office 365

1

CS-Situational-Awareness-BOF. Situational Awareness commands implemented using Beacon Object Files

1

CheatSheets. Cheat sheets for various projects.

1
55
Apply