topotam

Certipy

Tool for Active Directory Certificate Services enumeration and abuse

CobaltBus

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus

SysWhisper3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Athena

BofAllTheThings

Creating a repository with all public Beacon Object Files (BoFs)

LdapRelayScan

Check for LDAP protections regarding the relay of NTLM authentication

TokenStomp

C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic

Ares

Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique

BackupOperatorToDA

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

blankspace

Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893)

BokuLoader

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p

CVE-2022-21882

GoldenGMSA

GolenGMSA tool for working with GMSA passwords

IOCTLDump

Ivy

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.

KillDefender

A small POC to make defender useless by removing its token privileges and lowering the token integrity

KrbRelay

Framework for Kerberos relaying

MalMemDetect

Detect strange memory regions and DLLs

manual-syscall-detect

A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

Nimcrypt2

.NET, PE, & Raw Shellcode Packer/Loader Written in Nim

OffensiveNim

My experiments in weaponizing Nim (https://nim-lang.org/)

PackMyPayload

A PoC that packages payloads into output containersb to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

RecycledGate

Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll

RefleXXion

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

revsocks

Reverse SOCKS5 implementation in Go

SeeYouCM-Thief

SnD_AMSI

Start new PowerShell without etw and amsi in pure nim

SpoolFool

Exploit for CVE-2022–22718 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)

T.D.P

Using Thread Description To Hide Shellcode

TymSpecial

SysWhispers integrated shellcode loader w/ ETW patching, anti-sandboxing, & spoofed code signing certificates