HWSyscalls HWSyscalls is a new method to execute indirect syscalls using 3 main components: Hardware breakpoints and Vectored Exception Handler to control the flow of execution. HalosGate is used to find syscall numbers and...
RedditC2 Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, might be a great way to make the traffic look legit. Workflow Teamserver Go to the specific...
SilentMoonwalk SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from the control flow....
hackebds In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services to obtain an interactive shell....
Alcatraz Alcatraz is an x64 binary obfuscator that is able to obfuscate various different pe files including: .exe .dll .sys Features In the following showcase, all features (besides the one being showcased) are disabled....
sh4d0wup Have you ever wondered if the update you downloaded is the same one everybody else gets or did you get a different one that was made just for you? Shadow updates are updates that...
ulexecve This Python tool is called ulexecve and it stands for userland execve. It helps you execute arbitrary ELF binaries on Linux systems from userland without ever calling the execve() systemcall. In other words: you can execute...
Exploitation / Maintaining Access / Post Exploitation
by do son · Published January 17, 2023 · Last modified January 18, 2023
Striker C2 Striker is a simple Command and Control (C2) program. Features A) Agents Native agents for Linux and windows hosts. Self-contained, minimal python agent should you ever need it. HTTP(s) channels. Asynchronous task execution. Support for...
Spartacus DLL Hijacking Spartacus is utilising the SysInternals Process Monitor and is parsing raw PML log files. You can leave ProcMon running for hours and discover 2nd and 3rd level (ie an app that loads another...
geacon_pro geacon_pro is an Anti-Virus bypassing CobaltStrike Beacon written in Golang based on the geacon project. geacon_pro supports CobaltStrike version 4.1+ geacon_pro has implemented most functions of Beacon. The core of bypassing Anti-Virus can be...
Powershell obfuscation A simple and effective powershell obfuscation tool bypass Anti-Virus, VT. AMSI-bypass obfuscation + ETW-block obfuscation + powershell command obfuscation. The tool with the best anti-obfuscation effect at present should be《Invoke-Deobfuscation: AST-Based and...
BrokenFlow A simple PoC to invoke an encrypted shellcode by using a hidden call. Introduction This code uses a simple trick to hide the instruction that effectively will jump to our shellcode. This should make...
Freeze Freeze is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze utilizes multiple techniques to not only remove Userland EDR hooks but to also...
RustChain This tool is a simple PoC of how to hide memory artifacts using an ROP chain in combination with hardware breakpoints. The ROP chain will change the main module memory page’s protections to...
ADFSRelay This repository includes two utilities NTLMParse and ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages...
Secure Your Connection
