Stars
Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements using DNS tunneling.
Lurker is a cross-platform, companion implant to Cobalt Strike built with Go
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
ps1337 / Lastenzug
Forked from codewhitesec/Lastenzug
Socks4a proxy leveraging PIC, WebSockets and static obfuscation on assembly level
C# obfuscator that bypasses Windows Defender
Encodes a PowerShell script in the pixels of a PNG file and generates a one-liner to execute it
A lightweight container-based network emulation system.
ZwProcessHollowing is an x64 process hollowing project which uses direct syscalls, DLL unhooking and RC4 payload decryption
ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.
HWSyscalls is a new method to execute indirect syscalls using hardware breakpoints (HWBP), HalosGate and a synthetic trampoline on kernel32.
Class containing Anti-RE, Anti-Debug and Anti-Hook methods. Made for C++/CLI
POC of a better implementation of GetProcAddress for ntdll using binary search
Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions
Recreation of GetProcAddress without external dependencies on Windows Libraries
A care package of useful BOFs for red team engagements
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
Python library with a CLI that allows remotely dumping domain user credentials via ADCS without dumping the LSASS process memory
A Python3-based C2 server to make the life of a red teamer a bit easier. The payload is capable of bypassing all the known antiviruses and endpoints.
A Payload Loader Designed With Advanced Evasion Features
Easily and securely send things from one computer to another 🐊 📦
Official provider for VMware desktop products: Fusion, Player, and Workstation.
JustEvadeBro, a cheat sheet that will aid you through AMSI/AV evasion and bypasses.