luom's starred repositories
bof_helper
Beacon Object File (BOF) Creation Helper
SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
QnapBackupDecryptor
A tool to decrypt QNAP NAS encrypted backup files (not sync files) created using the QNAP Hybrid Backup Sync tool.
hbs_decipher
HBS decipher tool for QNAP (not official)
FunctionStomping
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
wmiexec-RegOut
Modified version of impacket's wmiexec.py that gets output (data, response) from the registry, does not need an SMB connection, and also bypasses antivirus software during lateral movement, like WMIHACKER.
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
CallbackHell
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
SharpSystemTriggers
Collection of remote authentication triggers in C#
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
bypass-BeaconEye
bypass BeaconEye
LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
Beacon.dll
Beacon.dll reverse
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
RPCForSMBLibrary
Extension of SMBLibrary for RPC calls
Detect-Hooks
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks put in place by AV/EDR