matt-culbert's repositories
bhg
Code samples for No Starch Press Black Hat Go
cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
EDRSilencer
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
evil-compiler
An evil compiler that adds undetectable backdoors into programs it compiles
exploitation-course
Offensive Software Exploitation Course
follina.py
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
go-shellcode
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
koadic
zerosum0x0's Koadic
laZzzy
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
memguard
Secure software enclave for storage of sensitive information in memory.
OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
OSCP-Cheatsheet
OSCP Cheatsheet by Sai Sathvik
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
suricata_rules
Rules for Suricata
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that allows injected shellcode's memory allocation to be better hidden from scanners and analysts.
trevorc2
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.
w32
A wrapper of Windows APIs for Go
Windows-universal-samples
API samples for the Universal Windows Platform.
wintoken
Manipulate, Steal and Modify Windows Tokens in Go
WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.