Stars
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
Simple (relatively) things allowing you to dig a bit deeper than usual.
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Research code & papers from members of vx-underground.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APCs
A modern 64-bit position independent implant template
Execute unmanaged Windows executables in CobaltStrike Beacons
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
Collection of Beacon Object Files (BOF) for Cobalt Strike
Inject .NET assemblies into an existing process
Exploiting DLL Hijacking by DLL Proxying Super Easily
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
A shellcode function to encrypt a running process image when sleeping.
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
.NET assembly loader with patchless AMSI and ETW bypass