Bobby Cooke's repositories
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
Ninja_UUID_Runner
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
winx64-InjectAllProcessesMeterpreter-Shellcode
64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
Nobelium-PdfDLRunAesShellcode
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
HellsGatePPID
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free
gsCMS-CustomJS-Csrf2Xss2Rce
GetSimple CMS Custom JS Plugin Exploit RCE Chain
boku7.github.io
Blog
DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
GetSimple-SmtpPlugin-CSRF2RCE
GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
LoudSunRun
My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API