CodeXTF2 / HavocNotion

A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.

☆82

Related projects ⓘ

Alternatives and complementary repositories for HavocNotion

Wh04m1001 / DiagTrackEoP
☆89Updated 2 years ago
ChoiSG / OneDriveUpdaterSideloading
Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
☆86Updated 2 years ago
reveng007 / AMSI-patches-learned-till-now
I have documented all of the AMSI patches that I learned till now
☆68Updated last year
pwnsauc3 / RWXfinder
The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
☆95Updated last year
0xsp-SRD / callback_injection-Csharp
this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
☆82Updated 2 years ago
xforcered / BOFMask
☆119Updated last year
ScriptIdiot / sleepmask_PatchlessHook
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
☆78Updated last year
susMdT / SharpAgent
C# havoc implant
☆96Updated last year
trustedsec / PPLFaultDumpBOF
☆133Updated last year
klezVirus / NimlineWhispers3
A tool for converting SysWhispers3 syscalls for use with Nim projects
☆138Updated 2 years ago
xalicex / LOLDrivers_finder
☆73Updated last year
rasta-mouse / PPEnum
Simple BOF to read the protection level of a process
☆104Updated last year
ewby / Mockingjay_BOF
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆149Updated last year
Maldev-Academy / DRMBinViaOrdinalImports
Create Anti-Copy DRM Malware
☆46Updated 3 months ago
Octoberfest7 / JumpSession_BOF
Beacon Object File allowing creation of Beacons in different sessions.
☆76Updated 2 years ago
waawaa / AMSI_Rubeus_bypass
☆61Updated 2 years ago
VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
☆86Updated 2 years ago
CymulateResearch / Blindside
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
☆111Updated last year
werdhaihai / SharpAltShellCodeExec
Alternative Shellcode Execution Via Callbacks in C# with P/Invoke
☆72Updated last year
MayerDaniel / profiler-lateral-movement
Lateral Movement via the .NET Profiler
☆76Updated 5 months ago
eversinc33 / Godmode
Tool for playing with Windows Access Token manipulation.
☆51Updated last year
NVISOsecurity / cs2br-bof
☆59Updated 3 months ago
REDMED-X / InjectKit
Modified versions of the Cobalt Strike Process Injection Kit
☆88Updated 9 months ago
trustedsec / CS_COFFLoader
☆122Updated 11 months ago
c3r3br4t3 / ShadowRDP
☆62Updated 9 months ago
S4ntiagoP / freeBokuLoader
A simple BOF that frees UDRLs
☆109Updated 2 years ago
Mav3rick33 / ZenLdr
Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
☆94Updated last year
MaorSabag / SideLoadingDLL
Do some DLL SideLoading magic
☆75Updated last year