HenryChanDC

BOF2shellcode

POC tool to convert CobaltStrike BOF files to raw shellcode

CS_Uploads_Tracker

Aggressor script add-in for CobaltStrike to track file uploads

SeeProxy

Golang reverse proxy with CobaltStrike malleable profile validation.

edr_blocker

Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.

awesome-readme-generator-tools

收录了一些可以快速创建出精美readme.md的工具集合

BOFMask

BOFRyptor

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

pwcrack-framework

Password Crack Framework

goreflect

Reflective DLL loading of your favorite Golang program

LoginFish

通用登录页面安全控件钓鱼

AmsiScanBufferBypass

Bypass AMSI by patching AmsiScanBuffer

dahuaExploitGUI

dahua综合漏洞利用工具

EDRPrison

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

BOF.NET

A .NET Runtime for Cobalt Strike's Beacon Object Files

ChromeExtensionInstall

Silently Install Chrome Extension For Persistence

kbtls

Establishes mutually trusted TLS connections based on a pre-shared connection key.

Awesome-CobaltStrike-Defence

Defences against Cobalt Strike

TscanPlus

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Magic_C2

红队 C2 框架，使用 No X Loader 技术。Red Team C2 Framework, using No X Loader technology.

NacosExploit

NacosExploit 命令执行 内存马等利用

wirez

redirect all TCP/UDP traffic of any program to SOCKS5 proxy

pumpbin

🎃 PumpBin is an Implant Generation Platform.

Voidgate

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.

postnacos

哥斯拉nacos后渗透插件 maketoken adduser

DonPAPI

Dumping DPAPI credz remotely

IHxExec

Process injection alternative

EDRNoiseMaker

Detect WFP filters blocking EDR communications

pdf-exploit

pdf exploit 集成

Memory-horse

关于内存马的学习研究支持新手从0到1，从内存马原理，内存马植入 内存马检测 到内存马防御与内存马应急以及内存马查杀全系列java内存马/php/.net/c++/python 喜欢可以点个star 后续持续更新