boku7

Bobby Cooke's starred repositories

ROPgadget

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.

Language:PythonNOASSERTION3814 121 94

ysoserial.net

Deserialization payload generator for a variety of .NET formatters

Language:C#MIT3117 75 62

pypykatz

Mimikatz implementation in pure Python

Language:PythonMIT2758 74 98

Certify

Active Directory certificate abuse.

Language:C#NOASSERTION1429 28 24

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Language:CMIT1235 26 12

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Language:C++BSD-3-Clause875 14 2

GraphRunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

Language:PowerShellMIT808 18 11

Fermion

Fermion, an electron wrapper for Frida & Monaco.

Language:CSSBSD-3-Clause640 23 14

DEFCON-31-Syscalls-Workshop

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Language:C591 100

DarkWidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

Language:CMIT508 11 1

AzureHound

Azure Data Exporter for BloodHound

Language:GoGPL-3.0505 18 26

azureOutlookC2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

Language:CMIT456 80

ADOKit

Azure DevOps Services Attack Toolkit

Language:C#Apache-2.0231 30

zombieant

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Language:CMIT216 140

CVE-2023-3519

RCE exploit for CVE-2023-3519

Language:Python212 4 3

CVE-2023-27997-check

Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

Language:PythonGPL-3.0124 3 1

LOLAPPS

LOLAPPS is a compendium of applications that can be used to carry out day-to-day exploitation.

GPL-3.0123 7 1

ADOKit

Azure DevOps Services Attack Toolkit

Language:C#Apache-2.0118 2 2

SharpSword

Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly

Language:C#GPL-3.0114 40

cve-2022-42475

POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon

Language:Python105 1 3

BOFMask

Language:C102 20

halosgate-ps

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

Language:CMIT93 50

forticrack

Decrypt encrypted Fortienet FortiOS firmware images

Language:PythonGPL-3.082 30

roadtools_hybrid

Hybrid AD utilities for ROADtools

Language:Python51 30

CVE-2022-42475

An exploit for CVE-2022-42475, a pre-authentication heap overflow in Fortinet networking products

Language:Python31 10

DayBird

Extension functionality for the NightHawk operator client

Language:C#26 20

DayBird

Extension functionality for the NightHawk operator client

Language:C#25 10

CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.

Language:C16 10

LibreHealth-authRCE

LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.

Language:PythonGPL-3.01200

Armitage-Cortana-Resource-Opener

Open Resource Files in Armitage with Cortana

1200