Stars
Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning
A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader, in Rust. It creates a sacrificial process, takes a snapshot of the process, and injects shellc…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
Python implementation of GhostPack's Seatbelt situational awareness tool
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
tiny, portable SOCKS5 server with very moderate resource usage
Extract and execute a PE embedded within a PNG file using an LNK file.
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.
Rust library for performing remote process injection, originally written for use in the Tempest C2 project
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
A helper script for consolidating Aggressor and BOF repositories into a single CNA for Cobalt Strike.
Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables tha…
Python3 rewrite of AsOutsider features of AADInternals
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
A toolkit to attack Office365
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support
Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Python utility that generates "imageless" QR codes in various formats
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
A VSCode plugin to assist with BOF development.
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve