SYLAR's repositories
garble
Obfuscate Go builds
JustEvadeBro
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
jadx
Dex to Java decompiler
gost
GO Simple Tunnel - a simple tunnel written in golang
AmsiHooker
Hookers are cooler than patches.
SharpGhosting
Process Ghosting in C#
redsocks
transparent TCP-to-proxy redirector
ParallelSyscalls
C# version of MDSec's ParallelSyscalls
JNDI-Injection-Exploit
JNDI injection testing tool (a tool which generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, like Jackson, Fastjson, etc.)
sam-the-admin
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
tgtdelegation
tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Whisker
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
HelpColor
Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type
red_team_attack_lab
Red Team Attack Lab for TTP testing & research
LazySign
Create fake certs for binaries using Windows binaries and the power of bat files
unhook-bof
Remove API hooks from a Beacon process.
OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
Invoke-DLLClone
Koppeling x Metatwin x LazySign
HOLLOW
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, injects shellcode, hijacks the main thread with APC, and executes the shellcode
commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com
SharpNoPSExec
Get fileless command execution for lateral movement.
capsulecorp-pentest
Vagrant VirtualBox environment for conducting an internal network penetration test