CodyJohnston

DeathSleep

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.

Red-Team-Infrastructure-Automation

Disposable and resilient red team infrastructure with Terraform

Sandman

Sandman is a NTP based backdoor for red team engagements in hardened networks.

AtomicSyscall

Tools and PoCs for Windows syscall investigation.

C3

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Chisel-Strike

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.

cobalt-arsenal

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.

CVE-2022-26937

A Zeek package to detect CVE-2022-26937, a vulnerability in the Network Lock Manager (NLM) protocol in Windows MFS server.

DFSCoerce

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

FOLIAGE

Public variation of FOLIAGE ( original developer )

KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

netbox

The premiere source of truth powering network automation. Open source under Apache 2. Public demo: https://demo.netbox.dev

nishang

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

ntlmrelayx2proxychains

Powershell-to-Ducky-Converter

This is an application I am developing to automatically convert powershell scripts into ready to use Ducky scripts

RDPHijack-BOF

Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.

RunAsWinTcb

ScamNumberSearch

This project is aimed at extracting the phone numbers of tech support scammers that are specifically abusing legitimate website's SEO to push their scam numbers very high up in the search results.

ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines

skanuvaty

Blazing fast DNS/network/port scanner

Spartacus

Spartacus DLL Hijacking Discovery Tool

Spring4Shell-POC

Spring4Shell Proof Of Concept/Information CVE-2022-22965

tapir

TAPIR is a multi-user, client/server, incident response framework

TeamsImplant

updog

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

WFH

windows-coerced-authentication-methods

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

wkpe

Windows Kernel Programming Experiments