Pyramid: Python scripts to evade EDRs
What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some...
Category: Exploitation
Codecepticon v1.2.2 releases: obfuscate C#, VBA/VB6 (macros), and PowerShell source code
Codecepticon Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other...
laZzzy: shellcode loader
laZzzy laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native (Nt*) functions (not all functions but...
Villain: Windows & Linux backdoor generator and multi-session handler
Villain Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a...
AceLdr: Cobalt Strike UDRL for memory scanner evasion
AceLdr – Avoid Memory Scanners A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new...
TerraLdr: Payload Loader Designed With Advanced Evasion Features
TerraLdr: A Payload Loader Designed With Advanced Evasion Features no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 – payload is saved in .rsrc process injection...
AVIator: Antivirus evasion project
AV|Ator AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. More specifically: It uses AES encryption in order to encrypt a given shellcode Generates an executable...
monomorph: MD5-Monomorphic Shellcode Packer
monomorph MD5-Monomorphic Shellcode Packer – all payloads have the same MD5 hash What does it do? It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have...
FUD-UUID-Shellcode: bypass Windows Defender
FUD-UUID-Shellcode Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :). How it works Shellcode generation Firstly, generate a payload in binary format( using either...
GodGenesis: Python3 based C2 server to bypass all the known antiviruses and endpoints
God Genesis God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently, It only supports TCP reverse shell but waits a min, it’s a FUD...
jscythe: execute arbitrary javascript code
jscythe jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any...
Mangle v1.2 releases: manipulates aspects of compiled executables to avoid detection from EDRs
Mangle Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by...
Reverse SSH v2.2.3 releases: SSH based reverse shell
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving...
WhiskeySAML and Friends: GoldenSAML Attack Libraries and Framework
WhiskeySAML and Friends TicketsPlease TicketsPlease: Python library to assist with the generation of Kerberos tickets, remote retrieval of ADFS configuration settings, generation of Golden SAML tokens, and retrieval of Azure Access Tokens. Modules ldap...
Concealed Code Execution: Tools and technical write-ups describing attacking techniques
Concealed Code Execution Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work,...
