Processus (ProcessusT)

ProcessusT

User data from Github https://github.com/ProcessusT

Company: Les tutos de Processus

Location: Reims, France

Home Page: https://processus.site

GitHub: @ProcessusT

Twitter: @ProcessusT

Processus's repositories

HEKATOMB

Hekatomb is a Python script that connects to an LDAP directory to retrieve information on all computers and users. It then downloads every DPAPI blob of every user from every computer and uses the domain backup keys to decrypt them.

Language: Python, License: GPL-3.0, Stargazers: 521, Issues: 14, Issues: 9

Venoma

Yet another C++ Cobalt Strike beacon dropper with compile-time API hashing and custom indirect syscall execution

Dictofuscation

Obfuscate the bytes of your payload with an association dictionary

Language: Python, License: GPL-3.0, Stargazers: 70, Issues: 2, Issues: 0

UnhookingDLL

This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hollowing

PsNotifRoutineUnloader

This script is used to unload the PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine callbacks registered by ESET Security in order to bypass detection by its driver

Language: C++, Stargazers: 63, Issues: 3, Issues: 0

SharpVenoma

C# reimplementation of Venoma, a C++ Cobalt Strike beacon dropper with custom indirect syscall execution

HavocHub

PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are relayed through Issues and Comments for maximum stealth.

Language: Python, License: GPL-3.0, Stargazers: 39, Issues: 0, Issues: 0

MasterKeyBrute

Brute-force a DPAPI-encrypted MasterKey file from Windows Credential Manager

Language: Python, License: GPL-3.0, Stargazers: 22, Issues: 1, Issues: 1

EnumSSN

Enumerate SSNs (System Service Numbers, or syscall IDs) and the syscall instruction address in the ntdll module by parsing the PEB of the current process

Language: C++, Stargazers: 21, Issues: 3, Issues: 0

Automated-C2

Automate your C2 creation with Azure Front Door and randomly generated options

Language: Python, License: GPL-3.0, Stargazers: 15, Issues: 2, Issues: 1

La-Gamelle

Everything used in the Tutos: the shellcodes, the templates, the notes...

Language: Python, Stargazers: 14, Issues: 4, Issues: 0

RemClip

RemClip is a C# project that steals user clipboard data and sends it to a remote web server under the attacker's control

Language: PHP, License: GPL-3.0, Stargazers: 13, Issues: 2, Issues: 2

LoadThatPE

A simple PE loader tool that loads a PE from memory, decrypts it, resolves its imports, relocates its sections and redefines its entry point so that it executes seamlessly from memory

Language: C++, License: GPL-3.0, Stargazers: 12, Issues: 3, Issues: 0

DetectEsetHooks

Tool to enumerate ESET hooked functions by parsing the ebehmoni.dll module

Language: C++, Stargazers: 9, Issues: 2, Issues: 0

MikNet

Autonomous red team implementation allowing sound capture and broadcast through an untraceable front-end server to the attacker's station

License: GPL-3.0, Stargazers: 8, Issues: 1, Issues: 0

VolchockC2

VolchockC2 is a custom-built Command & Control (C2) framework, currently under active development. Designed for red team operations and adversary simulation, VolchockC2 focuses on flexibility, stealth, and efficient post-exploitation capabilities.

Language: Python, License: GPL-3.0, Stargazers: 7, Issues: 0, Issues: 0

IndirectSyscalls

A custom reimplementation of indirect syscalls without the use of GetModuleHandleA and GetProcAddress

Language: C++, Stargazers: 4, Issues: 2, Issues: 0

aspyco

Aspyco is a Python script that uploads a local binary to a remote host over SMB. It then connects remotely to the svcctl named pipe over DCERPC to create and start the binary as a service.

Language: Python, License: GPL-3.0, Stargazers: 3, Issues: 1, Issues: 0

CodeCaveInjection

Shellcode injection test in a 64-bit PE file

Language: C++, Stargazers: 2, Issues: 3, Issues: 0

ESEDHOUND

ESEDHOUND is a Python script that extracts the datatable from the ntds.dit file to retrieve users, computers and groups. The goal is to send all the information into BloodHound to help incident responders identify AD objects.

Language: Python, License: GPL-3.0, Stargazers: 2, Issues: 1, Issues: 0

invit-bomber

Python script for sending LinkedIn invitations in bulk

Language: Python, Stargazers: 2, Issues: 1, Issues: 0

Araneus

Not really sure yet, we'll see

Language: Python, Stargazers: 1, Issues: 1, Issues: 0

AuthenticationPassthroughExploitation

Another example of Azure AD Authentication Passthrough exploitation to intercept LogonUserW API calls

Language: C++, License: GPL-3.0, Stargazers: 1, Issues: 1, Issues: 0

blackarch

An Arch Linux based distribution for penetration testers and security researchers.

Language: Shell, License: NOASSERTION, Stargazers: 1, Issues: 0, Issues: 0

Havoc

The Havoc Framework

Language: Go, License: GPL-3.0, Stargazers: 1, Issues: 0, Issues: 0

Killer

A tool created to evade AVs, EDRs or other security tools.

Language: C++, Stargazers: 1, Issues: 0, Issues: 0

libesedb

Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.

Language: C, License: LGPL-3.0, Stargazers: 1, Issues: 0, Issues: 0

RedTeaming-Tactics-and-Techniques

Red Teaming Tactics and Techniques

Language: PowerShell, Stargazers: 1, Issues: 0, Issues: 0

NetExec

The Network Execution Tool

Language: Python, License: BSD-2-Clause, Stargazers: 0, Issues: 0, Issues: 0