Stars
Cobalt Strike Malleable C2 Design and Reference Guide
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
Collection of various malicious functionality to aid in malware development
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()
Generates malicious LNK file payloads for data exfiltration
Hide your P/Invoke signatures through other people's signed assemblies
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
This project aims to compare and evaluate the telemetry of various EDR products.
Apache Solr Backup/Restore APIs RCE PoC (CVE-2023-50386)
A centralized resource for previously documented WDAC bypass techniques
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Native API header files for the System Informer project.
Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors