C-Sto / BananaPhone

Related projects: ⓘ

• sh4hin / GoPurple
  Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
  ☆476Updated 3 years ago
• Binject / go-donut
  Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut
  ☆305Updated 2 years ago
• rvrsh3ll / BOF_Collection
  Various Cobalt Strike BOFs
  ☆557Updated last year
• optiv / Ivy
  Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …
  ☆734Updated last year
• CCob / BOF.NET
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆652Updated 2 weeks ago
• codewhitesec / HandleKatz
  PIC lsass dumper using cloned handles
  ☆570Updated last year
• Cracked5pider / KaynLdr
  KaynLdr is a Reflective Loader written in C/ASM
  ☆514Updated 9 months ago
• kyleavery / AceLdr
  Cobalt Strike UDRL for memory scanner evasion.
  ☆865Updated 3 months ago
• xuanxuan0 / DripLoader
  Evasive shellcode loader for bypassing event-based injection detection (PoC)
  ☆701Updated 3 years ago
• boku7 / BokuLoader
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,241Updated 9 months ago
• C-Sto / gosecretsdump
  Dump ntds.dit really fast
  ☆365Updated 2 years ago
• itm4n / PPLdump
  Dump the memory of a PPL with a userland exploit
  ☆839Updated 2 years ago
• CCob / SharpBlock
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,094Updated 3 years ago
• slaeryan / AQUARMOURY
  ☆531Updated this week
• med0x2e / GadgetToJScript
  A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …
  ☆852Updated 3 years ago
• Wra7h / FlavorTown
  Various ways to execute shellcode
  ☆472Updated 6 months ago
• anthemtotheego / InlineExecute-Assembly
  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
  ☆588Updated last year
• Tylous / SourcePoint
  SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
  ☆1,020Updated 5 months ago
• ajpc500 / BOFs
  Collection of Beacon Object Files
  ☆538Updated last year
• MythicAgents / Apollo
  A .NET Framework 4.0 Windows Agent
  ☆443Updated 2 weeks ago
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆612Updated last year
• trustedsec / CS-Situational-Awareness-BOF
  Situational Awareness commands implemented using Beacon Object Files
  ☆1,222Updated last week
• Cracked5pider / Ekko
  Sleep Obfuscation
  ☆661Updated 9 months ago
• mgeeky / cobalt-arsenal
  My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
  ☆1,029Updated last year
• klezVirus / SysWhispers3
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,261Updated last month
• Idov31 / Cronos
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆551Updated 11 months ago
• boku7 / spawn
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆427Updated last year
• FuzzySecurity / StandIn
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆681Updated 9 months ago
• MythicAgents / thanatos
  Mythic C2 agent targeting Linux and Windows hosts written in Rust
  ☆306Updated 2 weeks ago
• b4rtik / SharpKatz
  Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
  ☆960Updated 2 years ago