luom's starred repositories

HelpColor

Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type

License: BSD-3-Clause | Stargazers: 187 | Issues: 0

bof_helper

Beacon Object File (BOF) Creation Helper

Language: Python | Stargazers: 216 | Issues: 0

SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Language: Python | License: Apache-2.0 | Stargazers: 1219 | Issues: 0

QnapBackupDecryptor

A tool to decrypt QNAP NAS encrypted backup files (not sync files) created using the QNAP Hybrid Backup Sync tool.

Language: C# | License: GPL-3.0 | Stargazers: 34 | Issues: 0

hbs_decipher

HBS decipher tool for QNAP (not official)

Language: Java | License: GPL-3.0 | Stargazers: 91 | Issues: 0

FunctionStomping

Shellcode injection technique. Given as C++ header, standalone Rust program or library.

Language: Rust | License: GPL-3.0 | Stargazers: 681 | Issues: 0

RefleXXion

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

Language: C++ | Stargazers: 480 | Issues: 0

wmiexec-RegOut

Modified version of impacket's wmiexec.py that retrieves output (data, response) from the registry, needs no SMB connection, and also bypasses antivirus software during lateral movement, like WMIHACKER.

Language: Python | Stargazers: 280 | Issues: 0

HookLib

Function interception library written in pure C on the Native API, with user-mode and kernel-mode support

Language: C | License: MIT | Stargazers: 714 | Issues: 0

sole

:doughnut: Sole is a lightweight C++11 library to generate universally unique identifiers (UUID), both v1 and v4.

Language: C++ | License: Zlib | Stargazers: 297 | Issues: 0

InlineWhispers2

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Language: Assembly | License: GPL-3.0 | Stargazers: 174 | Issues: 0

tq84-OCI

Simple OCI (Oracle Call Interface) library in C.

Language: C | Stargazers: 2 | Issues: 0

CallbackHell

Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

Language: C++ | License: MIT | Stargazers: 459 | Issues: 0

SharpSystemTriggers

Collection of remote authentication triggers in C#

Language: C | Stargazers: 438 | Issues: 0

CSAgent

CobaltStrike 4.x universal free-use (cracked) and Chinese-localization loader

Language: Java | Stargazers: 1170 | Issues: 0

winrmdll

C++ WinRM API via Reflective DLL

Language: C++ | License: MIT | Stargazers: 139 | Issues: 0

azureOutlookC2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

Language: C | License: MIT | Stargazers: 456 | Issues: 0

bypass-BeaconEye

bypass BeaconEye

Language: C++ | Stargazers: 89 | Issues: 0

LockdExeDemo

A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/

Language: C | Stargazers: 181 | Issues: 0

WindTerm

A professional cross-platform SSH/SFTP/Shell/Telnet/Serial terminal.

Language: C | Stargazers: 21911 | Issues: 0

Beacon.dll

Beacon.dll reverse

Language: C | Stargazers: 134 | Issues: 0

SourcePoint

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Language: Go | Stargazers: 1011 | Issues: 0

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Language: C | License: MIT | Stargazers: 1232 | Issues: 0

BeaconEye

Hunts out CobaltStrike beacons and logs operator command output

Language: C# | Stargazers: 855 | Issues: 0

inceptor

Template-Driven AV/EDR Evasion Framework

Language: Assembly | License: NOASSERTION | Stargazers: 1546 | Issues: 0

RPCForSMBLibrary

Extension of SMBLibrary for RPC calls

Language: C# | License: LGPL-3.0 | Stargazers: 33 | Issues: 0

ADCSPwn

A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.

Language: C# | Stargazers: 808 | Issues: 0

RelayX

NTLM relay test.

Language: Python | Stargazers: 183 | Issues: 0

Detect-Hooks

Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Language: C | Stargazers: 147 | Issues: 0