v4nyl's repositories
Aggressor-scripts
Aggressor scripts I've made for Cobalt Strike
AggressorCollection
Collection of awesome Cobalt Strike Aggressor Scripts. All credit due to the authors
Chameleon
Chameleon: A tool for evading Proxy categorisation
CobaltStrike-Toolset
Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
EasyNet
Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library. Algorithm: Data <-> GZip <-> AES-256 <-> Base64.
EoPLoadDriver
Proof of concept for abusing SeLoadDriverPrivilege (Privilege Escalation in Windows)
EventCleaner
A tool mainly to erase specified records from Windows event logs, with additional functionalities.
fireELF
fireELF - Fileless Linux Malware Framework
gargoyle
A memory scanning evasion technique
HideShell
A JSP backdoor that hides arbitrary JSP files under Tomcat, along with their access logs.
Invoke-UserSimulator
Simulates common user behaviour on local and remote Windows hosts.
LeoSpecial-VEH-Hook
Vectored Exception Handling Hooking Class
mod_ringbuilder
Apache Module Backdoor (PoC)
NtdllUnpatcher
Example code for EDR bypassing
Protectors
🛡️ Obfuscator, Encryption, Junkcode, Anti-Debug, PE protection/modification
psportfwd
A simple port forwarder in ps1 with embedded C# code
pylnker
This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.
Quickrundown
Smart overlay for Cobalt Strike PS function
RDPInception
A proof of concept for the RDP Inception Attack
SessionGopher
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
smbdoor
Windows kernel backdoor via registering a malicious SMB handler
Social-Engineering-Payloads
Collection of social engineering payloads
ssh-inject
A ptrace POC by hooking SSH to reveal provided passwords
SSHoRTy
A progressive, customizable armored SSH tunnel implant for Linux and MacOS systems
subTee-gits-backups
subTee gists code backups
TCPRelayInjecter2
Tool for injecting a "TCP Relay" managed assembly into an unmanaged process
WMI_Persistence
A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics
WMImplant
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.