Bootkit sample for firmware attack
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
TartarusGate, Bypassing EDRs
Provides various Windows Server Active Directory (AD) security-focused reports.
BloodyAD is an Active Directory Privilege Escalation Framework
Pretty good call graphs for dynamic languages
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
Golang Bypass Av Generator template
User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)
This repo covers some code execution and AV Evasion methods for Macros in Office documents
Collection of remote authentication triggers in C#
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV.
Automating Host Exploitation with AI
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted.
Adversary Emulation Framework
Lookup for interesting stuff in SMB shares
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
Scripts to secure and harden Mac OS X