Hades Hades is a basic Command & Control server built using Python. It is currently extremely bare-bones, but I plan to add more features soon. Features are a work in progress currently. Features Windows...
EntropyReducer: Reduce The Entropy Of Your Payload And Obfuscate It With Serialized Linked Lists How Does It Work EntropyReducer algorithm is determined by BUFF_SIZE and NULL_BYTES values. The following is how would EntropyReducer organize your payload if BUFF_SIZE was set to 4, and NULL_BYTES to 2. Obfuscation...
Acheron Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that...
Hades Hades is a proof-of-concept loader that combines several evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Install The easiest way is probably building the project on...
Discord Voice Channel C2 aka DCVC2 This multi-operating system-compatible tool was created to leverage Discord’s voice channels for command and control operations. This tool operates entirely over the Real-Time Protocol (RTP) primarily leveraging DiscordGo...
AtomLdr: A DLL loader with evasive features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL (executing its entry point), or by executing the exported “Atom” function via...
Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests. Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool...
Bypass Sandbox Evasion Sandboxes are commonly used to analyze malware. They provide a temporary, isolated, and secure environment in which to observe whether a suspicious file exhibits any malicious behavior. However, malware developers have...
Fiber A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechanism built into Windows. Fibers are often called lightweight threads. For...
KILLER TOOL (EDR Evasion) It’s an AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion DLL Unhooking by fresh ntdll...
BROPPER An automatic Blind ROP exploitation python tool Abstract BROP (Blind ROP) was a technique found by Andrew Bittau from Stanford in 2014. Original paper Slides Most servers like nginx, Apache, MySQL, and forks...
APCLdr: Payload Loader With Evasion Features Features: no crt functions imported indirect syscalls using HellHall api hashing using the CRC32 hashing algorithm payload encryption using rc4 – payload is saved in .rsrc Payload injection using APC...
Invoke-PSObfuscation Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to...
NimPlant – A light first-stage C2 implant written in Nim and Python Feature Overview Lightweight and configurable implant wrote in the Nim programming language Pretty web GUI that will make you look cool during...
Shoggoth Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its...
Secure Your Connection
