Solomon Sklash's repositories

Cookie-Graber-BOF

C or BOF file to extract the WebKit master key to decrypt user cookies

Language: C | Stargazers: 1 | Issues: 0 | Issues: 0

Hunt-Weird-ImageLoads

Small tool to play with IOCs caused by ImageLoad events

Language: C++ | Stargazers: 1 | Issues: 1 | Issues: 0

log.c

A simple logging library implemented in C99

Language: C | License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

phnt

Native API header files for the System Informer project.

Language: C | License: CC-BY-4.0 | Stargazers: 1 | Issues: 0 | Issues: 0

titanldr-ng

A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.

Language: C | Stargazers: 1 | Issues: 1 | Issues: 0

Adalanche

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)

Language: Go | License: AGPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

APCLdr

Payload Loader With Evasion Features

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

blacklotus

An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.

Language: C | Stargazers: 0 | Issues: 1 | Issues: 0

BlackLotus2

BlackLotus UEFI Windows Bootkit

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

Caro-Kann

Encrypted shellcode injection to avoid kernel-triggered memory scans

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0

D1rkLdr

Shellcode loader with an indirect dynamic syscall implementation, shellcode in MAC format, API resolving from the PEB, and syscall number and syscall instruction address resolving at run time

Language: C++ | Stargazers: 0 | Issues: 1 | Issues: 0

EtwTi-FluctuationMonitor

Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections

Stargazers: 0 | Issues: 0 | Issues: 0

Kerbeus-BOF

BOF for Kerberos abuse (an implementation of some important features of Rubeus).

Stargazers: 0 | Issues: 0 | Issues: 0

LdrLibraryEx

A small x64 library to load DLLs into memory.

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0

LdrLockLiberator

For when DLLMain is the only way

Language: C | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

linWinPwn

linWinPwn is a bash script that automates a number of Active Directory enumeration and vulnerability checks

Language: Shell | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

LoudSunRun

Stack spoofing with synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0

msvc-wine

Scripts for setting up and running MSVC in Wine on Linux

License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

MultiDump

MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.

Stargazers: 0 | Issues: 0 | Issues: 0

perfect-loader

Load a dynamic library from memory by modifying the native Windows loader

Language: C++ | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

Periscope

Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)

License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

Proxy-DLL-Loads

The code is a pingback to the Dark Vortex blog:

Language: C | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

Proxy-Function-Calls-For-ETwTI

The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/

Language: C | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

superlooper

An open source programmable looping pedal based on the BYOC super8 pedal.

Language: C | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

SymProcAddress

Zero-EAT-touch way to retrieve function addresses (GetProcAddress on steroids)

Language: C++ | Stargazers: 0 | Issues: 0 | Issues: 0