EDRSilencer. A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
1.9kGhostTask. A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
627ScheduleRunner. A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation
347RDPHijack-BOF. Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
318ServiceMove-BOF. New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
303TrustedPath-UACBypass-BOF. Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.
144SCCMVNC. A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.
121Quser-BOF. Cobalt Strike BOF for quser.exe implementation using Windows API
88ClipboardHistoryThief. POC tool to extract all persistent clipboard history data from clipboard service process memory
60OffensiveCommvault. Red team tool for abusing Commvault to achieve lateral movement, persistence, and file collection.
9SysWhispers3. SysWhispers on Steroids - AV/EDR evasion via direct system calls.
3Suspended-Thread-Injection. Another meterpreter injection technique using C# that attempts to bypass Defender
3Vulnerability-Disclosure.
2WindowsDllsExport. A list of all the DLLs export in C:\windows\system32\
1