C3Pain's repositories
Android-Bypass-Root-SSLPin
For my personal notes
awesome-incident-response
A curated list of tools for incident response
Blackout
Kill anti-malware protected processes (BYOVD)
BOF-NPPSPY
Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassuming file.
Certify
Active Directory certificate abuse.
CertifyKit
Active Directory certificate abuse
Chaos-Rootkit
x64 ring0 rootkit with process hiding, privilege escalation, and capabilities for protecting and unprotecting processes
CVE-2023-27350
Proof of Concept Exploit for PaperCut CVE-2023-27350
CVE-2023-28252-Compiled-exe
A modification to fortra's CVE-2023-28252 exploit, compiled to exe
EnumStrike
Cobalt Strike Aggressor script to automate host and domain enumeration.
FilelessRemotePE
Loading Fileless Remote PE from URI to memory with argument passing, ETW patching, NTDLL unhooking and the No New Thread technique
FindFrontableDomains
Search for potential frontable domains
HiddenDesktop
HVNC for Cobalt Strike
Inveigh
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
mimikatz
A little tool to play with Windows security
OffensiveCSharp
Collection of Offensive C# Tooling
OneDriveUpdaterSideloading
Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
PatchlessCLRLoader
.NET assembly loader with patchless AMSI and ETW bypass
PatchlessInlineExecute-Assembly
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
PELoader
PE loader with various shellcode injection techniques
Proxy-Function-Calls-For-ETwTI
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
Rubeus
Trying to tame the three-headed dog.
Seatbelt
Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
Terminator
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes