BeetleChunks / Obligato
This project is an implant framework designed for long term persistent access to Windows machines.
☆110Updated last year
Alternatives and similar repositories for Obligato:
Users that are interested in Obligato are comparing it to the libraries listed below
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- ☆135Updated last year
- Find DLLs with RWX section☆79Updated last year
- Simple BOF to read the protection level of a process☆115Updated last year
- Do some DLL SideLoading magic☆84Updated last year
- A bunch of scripts and code i wrote.☆139Updated 5 months ago
- Slide decks and/or materials from conference presentations☆56Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆154Updated 2 years ago
- ☆180Updated last year
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆114Updated last year
- Your syscall factory☆121Updated last month
- Construct the payload at runtime using an array of offsets☆63Updated 10 months ago
- ☆122Updated last year
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆155Updated last month
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆118Updated 10 months ago
- ☆106Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆91Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated 9 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆89Updated 10 months ago
- ☆154Updated 4 months ago
- ☆110Updated 5 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆97Updated last year
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆142Updated 2 years ago
- Example code samples from our ScriptBlock Smuggling Blog post☆89Updated 10 months ago
- Create Anti-Copy DRM Malware☆55Updated 8 months ago
- ☆153Updated 8 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆88Updated this week
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆261Updated 7 months ago