Category: Maintaining Access
sish An open-source serveo/ngrok alternative. How it works: SSH can normally forward local and remote ports. This service implements an SSH server that only handles forwarding and nothing else. The service supports multiplexing connections...
Patchy Automated lateral movement and persistence by abusing GCP OS patch management based on my blog post. OS patch management is a service provided by Google Cloud Platform (GCP) to enable users of the platform to...
WMImplant A PowerShell based tool that leverages WMI both to perform actions against targeted machines and to serve as the C2 channel for issuing commands and receiving results. It will likely require local administrator permissions on...
Phantun A lightweight and fast UDP to TCP obfuscator. Phantun is a project that obfuscates UDP packets into TCP connections. It aims to achieve maximum performance with minimum processing and encapsulation overhead. It is...
r77 Rootkit Ring 3 rootkit. r77 is a ring 3 rootkit that hides the following entities from all processes: files, directories, named pipes, scheduled tasks; processes; CPU usage; registry keys & values; TCP &...
rtty Access your terminal behind a NAT or firewall over the web, based on your terminal's MAC address (macaddr). It is composed of the client and the server. The server is written in Go and uses Vue + iView....
TripleCross TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON...
Sandman Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get...
Rustcat Rustcat is a port listener that can be used for different purposes. It is basically like netcat but with fewer options. Why use Rustcat? Serves its purpose of listening to ports. It is...
Chisel-Strike A .NET XOR-encrypted Cobalt Strike aggressor implementation for Chisel to utilize faster proxy and advanced SOCKS5 capabilities. Why write this? In my experience, I found socks4/socks4a proxies quite slow in comparison...