Josh Abraham's repositories
metasploit-framework
Metasploit Framework
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
C2_RedTeam_CheatSheets
Useful C2 techniques and cheatsheets learned from engagements
Chaos-Rootkit
Now You See Me, Now You Don't
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
CoffeeLdr
Beacon Object File Loader
Ekko
Sleep Obfuscation
elastic-container
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
Havoc
The Havoc Framework.
HiddenDesktop
HVNC for Cobalt Strike
KaynLdr
KaynLdr is a Reflective Loader written in C/ASM
KaynStrike
UDRL for CS
LdrLibraryEx
A small x64 library to load DLLs into memory.
Marble
The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
merlin-agent
Post-exploitation agent for Merlin
Modules
Modules used by the Havoc Framework
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit for red teams.
pneuma
Default agent for Prelude Operator
PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
RedELK
Red Team's SIEM - a tool for Red Teams used for tracking and alerting on Blue Team activities, as well as better usability in long-term operations.
SignToolEx
Patching "signtool.exe" to accept expired certificates for code-signing.
sliver
Adversary Emulation Framework
VX-API
Collection of various malicious functionality to aid in malware development
Website
source for https://havocframework.com
WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.