Pyramid: Python scripts to evade EDRs
What is it? Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some...
Codecepticon Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other...
laZzzy laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native (Nt*) functions (not all functions but...
Villain Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a...
AceLdr – Avoid Memory Scanners A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new...
TerraLdr: A Payload Loader Designed With Advanced Evasion Features: no CRT functions imported; syscall unhooking using KnownDllUnhook; API hashing using the Rotr32 hashing algorithm; payload encryption using RC4 (the payload is saved in .rsrc); process injection...
AV|Ator AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. More specifically: It uses AES encryption in order to encrypt a given shellcode Generates an executable...
monomorph MD5-Monomorphic Shellcode Packer – all payloads have the same MD5 hash What does it do? It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have...
FUD-UUID-Shellcode Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :). How it works Shellcode generation Firstly, generate a payload in binary format (using either...
God Genesis God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently, It only supports TCP reverse shell but waits a min, it’s a FUD...
jscythe jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any...
Mangle Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by...
Exploitation / Maintaining Access
by do son · Published September 1, 2022 · Last modified September 19, 2023
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving...
WhiskeySAML and Friends TicketsPlease TicketsPlease: Python library to assist with the generation of Kerberos tickets, remote retrieval of ADFS configuration settings, generation of Golden SAML tokens, and retrieval of Azure Access Tokens. Modules ldap...
Concealed Code Execution Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work,...