Bobby Cooke's repositories
DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + API resolving from TIB + API hashing
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
boku7.github.io
Blog
LoudSunRun
My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
GetSimple-SmtpPlugin-CSRF2RCE
GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
gsCMS-CustomJS-Csrf2Xss2Rce
GetSimple CMS Custom JS Plugin Exploit RCE Chain
x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
64bit Windows 10 shellcode dat pops dat calc - Dynamic & Null Free
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
HellsGatePPID
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
winx64-InjectAllProcessesMeterpreter-Shellcode
64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
Ninja_UUID_Runner
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Nobelium-PdfDLRunAesShellcode
A recreation of the "Nobelium" malware based on Microsoft's Malware analysis - Part 1: PDF2Pwn
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
Havoc
The Havoc Framework