Topotam's repositories
palinka_c2
Just another useless C2 occupying space in some HDD somewhere.
BOF_dumpclip
Beacon Object Files to dump content of clipboard
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.
BOF2shellcode
POC tool to convert CobaltStrike BOF files to raw shellcode
ceload
Loading dbk64.sys and grabbing a handle to it
cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
COFFLoader2
Load and execute COFF files and Cobalt Strike BOFs in-memory
decode-spam-headers
A script that helps you understand why your E-Mail ended up in Spam
ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
ForkPlayground
An implementation and proof-of-concept of Process Forking.
GPUSleep
Move CS beacon to GPU memory when sleeping
inceptor
Template-Driven AV/EDR Evasion Framework
inject-assembly
Execute .NET in an Existing Process
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
MirrorDump
Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
nanodump
Dumping LSASS has never been so stealthy
Proxy-Attackchain
proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool
ScheduleRunner
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
SharpSphere
.NET Project for Attacking vCenter
Skrull
Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when submitted.
TartarusGate
TartarusGate, Bypassing EDRs
To-Safe-Mode-And-Beyond
A tool for leveraging elevated access over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into Normal Mode.
VX-API
Collection of various WINAPI tricks / features used or abused by Malware