Cobalt Strike UDRL for memory scanner evasion.

A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process

PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.

Sleep Obfuscation

COFF file (BOF) for managing Kerberos tickets.

A BOF to determine Windows Defender exclusions.

Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).

Execute unmanaged Windows executables in CobaltStrike Beacons

A PoC implementation for dynamically masking call stacks with timers.

A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk

BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.

Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature

Improved version of EKKO by @5pider that Encrypts only Image Sections

Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process

A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code

A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.

A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.

old postex for grabbing a krbtgs for my current user

HVNC for Cobalt Strike

CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking

Example of using Sleep to create better named pipes.