CodeXTF2 / WindowSpy
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
☆263Updated last year
Alternatives and similar repositories for WindowSpy:
Users that are interested in WindowSpy are comparing it to the libraries listed below
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆150Updated 9 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆390Updated 8 months ago
- A shellcode injection tool showcasing various process injection techniques☆135Updated last year
- Patching AmsiOpenSession by forcing an error branching☆143Updated last year
- 「💀」Proof of concept on BYOVD attack☆154Updated 2 months ago
- ☆165Updated last year
- A collection of Cobalt Strike Aggressor scripts.☆91Updated 3 years ago
- Run Your Payload Without Running Your Payload☆180Updated 2 years ago
- Documents Exfiltration project for fun and educational purposes☆145Updated last year
- 🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.☆158Updated last year
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆295Updated 2 years ago
- Continuous password spraying tool☆128Updated last week
- Set of python scripts which perform different ways of command execution via WMI protocol.☆161Updated last year
- Github as C2 Demonstration , free API = free C2 Infrastructure☆134Updated last year
- ☆271Updated last year
- Evasive Golang Loader☆131Updated 6 months ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆230Updated last year
- Terminate AV/EDR Processes using kernel driver☆339Updated last year
- Kill AV/EDR leveraging BYOVD attack☆339Updated last year
- ☆113Updated 10 months ago
- RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++☆240Updated last year
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆287Updated last year
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆252Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆168Updated 2 years ago
- PowerShell runner for executing malicious payloads in order to bypass Windows Defender.☆69Updated 3 years ago
- Lateral Movement Using DCOM and DLL Hijacking☆283Updated last year
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 6 months ago
- Execute shellcode files with rundll32☆190Updated last year
- C or BOF file to extract WebKit master key to decrypt user cookie☆186Updated 9 months ago
- An interactive shell to spoof some LOLBins command line☆182Updated last year