Lefteris Panos's repositories

AssemblyLine

A C library and binary for generating machine code of x86_64 assembly language and executing on the fly without invoking another compiler, assembler or linker.

Language: Assembly | License: Apache-2.0 | Stargazers: 0 | Issues: 0 | Issues: 0

CallbackHell

Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

CVE-2021-40444

CVE-2021-40444 PoC

Language: HTML | Stargazers: 0 | Issues: 0 | Issues: 0

CyberArkTools

Some Python tooling to, for example, try to decrypt CyberArk .cred credential files

License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

DNSStager

Hide your payload in DNS

Language: Python | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

DumpNParse

A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.

Language: C# | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

encrypt

Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.

Stargazers: 0 | Issues: 0 | Issues: 0

GPUSleep

Move CS beacon to GPU memory when sleeping

Language: C++ | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

incident-response-plan-template

A concise, directive, specific, flexible, and free incident response plan template

License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

Injector

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows

Language: C# | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

InlineWhispers2

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

LockdExeDemo

A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/

Stargazers: 0 | Issues: 0 | Issues: 0

lsarelayx

NTLM relaying for Windows made easy

Stargazers: 0 | Issues: 0 | Issues: 0
Stargazers: 0 | Issues: 0 | Issues: 0
Language: C++ | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

OSEP-Breaking-Chains

A collection of code snippets built to assist with breaking chains.

Stargazers: 0 | Issues: 0 | Issues: 0

PolyHook_2_0

C++17, x86/x64 Hooking Library v2.0

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

SharpSelfDelete

C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs

Language: C# | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

ShellcodeFluctuation

An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents

Stargazers: 0 | Issues: 0 | Issues: 0

Skrull

Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when submitted.

Language: C | License: Apache-2.0 | Stargazers: 0 | Issues: 0 | Issues: 0

SleepyCrypt

A shellcode function to encrypt a running process image when sleeping.

License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

SQLRecon

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

Language: C# | Stargazers: 0 | Issues: 0 | Issues: 0

SSHClient

A C# SSH client

Stargazers: 0 | Issues: 0 | Issues: 0

StealAllTokens

This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate and use whatever token is present at any process

Language: C++ | Stargazers: 0 | Issues: 0 | Issues: 0

Suspended-Thread-Injection

Another meterpreter injection technique using C# that attempts to bypass Defender

Stargazers: 0 | Issues: 0 | Issues: 0

ThreadStackSpoofer

Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

Stargazers: 0 | Issues: 0 | Issues: 0

TitanLdr

Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0

TripleS

Syscall Stub Stealer - Freshly steal Syscall stub straight from the disk

Language: C# | Stargazers: 0 | Issues: 0 | Issues: 0

turdshovel

Dump objects from .NET dumps.

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

winrmdll

C++ WinRM API via Reflective DLL

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0