Solomon Sklash's repositories
SleepyCrypt
A shellcode function to encrypt a running process image when sleeping.
COM-Hijacking
An example of COM hijacking using a proxy DLL.
RAII-types
Code to handle certain Windows types using the RAII paradigm
ShellcodeFluctuation
An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
BOF2shellcode
POC tool to convert CobaltStrike BOF files to raw shellcode
Certipy
Python implementation for Active Directory certificate abuse
concealed_position
Bring your own print driver privilege escalation tool
ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
HandleKatz
PIC lsass dumper using cloned handles
Invoke-DLLClone
Koppeling x Metatwin x LazySign
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
MemoryLoader
A .NET binary loader that bypasses AMSI
minhook
The Minimalistic x86/x64 API Hooking Library for Windows
nmap-parse-output
Converts/manipulates/extracts data from an Nmap scan output.
Obfuscate
Guaranteed compile-time string literal obfuscation header-only library for C++14
offensive-rpc
Offensive RPC PoC
red_team_attack_lab
Red Team Attack Lab for TTP testing & research
ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
ServiceMove-BOF
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
TitanLdr
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH