C# C2 Framework centered around Stage 1 operations
RubberDucky-like payloads for DigiSpark ATtiny85
Tools for decoding TPM SPI transactions and extracting the BitLocker key from them.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
A C implementation of the Sektor7 "A Thief" Windows privesc technique.
Terraform + Ansible deployment scripts for an Active Directory lab environment.
Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The Cobalt Strike team acts as the curator and provides this kit to showcase this fantastic work.
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, and to protect and elevate them with token manipulation.
USB Rubber Ducky type scripts written for the DigiSpark.
FrostByte is a POC project that combines different defense evasion techniques to build better red team payloads.
Python Gmail User Enumeration Tool
Methods for attacking KeePass 2.X databases, including extraction of encryption key material from memory.
Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Keys (VMKs) are automatically extracted.
Memray is a memory profiler for Python
A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.
Minimal PoC developed as discussed in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
Notion as a platform for offensive operations
Kernel mode WinDbg extension and PoCs for token privilege investigation.
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.
C# Utilities for Windows Notification Facility
Weaponizing privileged file write bugs with Windows Problem Reporting
Universal Shared Library User-space Loader