James Yeung's repositories
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
CVE-2023-22809-sudoedit-privesc
A script to automate privilege escalation with the CVE-2023-22809 vulnerability
frida-dexdump
A frida tool to dump dex in memory to support security engineers analyzing malware.
Proxy-Function-Calls-For-ETwTI
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
APCLdr
Payload Loader With Evasion Features
ASRenum-BOF
Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
BackupOperatorToDA
From an account that is a member of the Backup Operators group to Domain Admin, without RDP or WinRM on the Domain Controller
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
CobaltWhispers
CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWhispers2) to bypass EDR/AV
Cortex-XDR-Config-Extractor
Cortex XDR Config Extractor
Dirty-Vanity
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
evilgophish
evilginx2 + gophish
File-Smuggling
HTML smuggling is not evil; it can be useful
FlavorTown
Various ways to execute shellcode
Inline-Execute-PE
Execute unmanaged Windows executables in CobaltStrike Beacons
Interceptor
Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
nanorobeus
COFF file (BOF) for managing Kerberos tickets.
OBFShellcode
Just a little dev time exploring other avenues to hide shellcode. I personally tried this with actual payloads and it did not do the job; for some odd reason calc popped, though. This is actually garbage, do not use this; no clue why I am posting this lol.
OneRuleToRuleThemStill
A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule
ProtectMyTooling
Multi-Packer allowing you to daisy-chain over 29 packers, obfuscators and other Red Team oriented weaponry. Featured with artifact watermarking, IOC collection & PE backdooring. You feed it your implant, it does a lot of sneaky things and spits out an obfuscated executable.
Proxy-DLL-Loads
The code is a pingback to the Dark Vortex blog:
Red-Lambda
Leveraging AWS Lambda Function URLs for C2 Redirection
red-team-scripts
A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc
reFlutter
Flutter Reverse Engineering Framework
RToolZ
A stealthy LSASS dumper; it can abuse the ProcExp152.sys driver to dump PPL LSASS with no dbghelp.lib calls.