Acheron Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that...
Hades Hades is a proof-of-concept loader that combines several evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Install The easiest way is probably building the project on...
ropr ropr is a blazing fast multithreaded ROP Gadget finder What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which...
Freeze Freeze is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze utilizes multiple techniques to not only remove Userland EDR hooks but to also...
Discord Voice Channel C2 aka DCVC2 This multi-operating system-compatible tool was created to leverage Discord’s voice channels for command and control operations. This tool operates entirely over the Real-Time Protocol (RTP) primarily leveraging DiscordGo...
ScareCrow ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into...
AtomLdr: A DLL loader with evasive features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL (executing its entry point), or by executing the exported “Atom” function via...
Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests. Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool...
Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol. A standard SOAP-based protocol that allows hardware and operating systems from different...
Bypass Sandbox Evasion Sandboxes are commonly used to analyze malware. They provide a temporary, isolated, and secure environment in which to observe whether a suspicious file exhibits any malicious behavior. However, malware developers have...
