Oblivion 悪's starred repositories
trufflehog
Find, verify, and analyze leaked credentials
MicroBurst
A collection of scripts for assessing Microsoft Azure security
EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
RustRedOps
🦀 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
BestEdrOfTheMarket
Little user-mode AV/EDR evasion lab for training & learning purposes
ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
Hunt-Sleeping-Beacons
Aims to identify sleeping beacons
CrimsonEDR
Simulate the behavior of AV/EDR for malware development training.
Kerbeus-BOF
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
ThreadlessInject-BOF
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
CallStackMasker
A PoC implementation for dynamically masking call stacks with timers.
CredBandit
Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
InlineExecute-Assembly
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
rust-mordor-rs
Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library
PrivEscWindows
Powershell Script For Windows 11 Vulnerable machine