FULLSHADE / WarFox

Related projects: ⓘ

• rxwx / cs-rdll-ipc-example
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆108Updated 4 years ago
• connormcgarr / cThreadHijack
  Beacon Object File (BOF) for remote process injection via thread hijacking
  ☆186Updated 3 years ago
• boku7 / whereami
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆160Updated last year
• reevesrs24 / EvasiveProcessHollowing
  Evasive Process Hollowing Techniques
  ☆132Updated 4 years ago
• mrd0x / pe2shc-to-cdb
  Convert shellcode generated using pe_2_shellcode to cdb format.
  ☆95Updated 2 years ago
• DamonMohammadbagher / NativePayload_CBT
  NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
  ☆114Updated last year
• kyleavery / TitanLdr
  Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.
  ☆134Updated 2 years ago
• paranoidninja / PIC-Get-Privileges
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆154Updated 3 years ago
• crypt0p3g / bof-collection
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆169Updated last year
• cube0x0 / SyscallPack
  ☆221Updated this week
• rsmudge / unhook-bof
  Remove API hooks from a Beacon process.
  ☆263Updated 3 years ago
• NUL0x4C / ApiHashing
  ☆100Updated this week
• waldo-irc / YouMayPasser
  You shall pass
  ☆241Updated 2 years ago
• Octoberfest7 / KDStab
  BOF combination of KillDefender and Backstab
  ☆153Updated last year
• boku7 / injectEtwBypass
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆274Updated 2 years ago
• bats3c / DefensiveInjector
  Shellcode injector using direct syscalls
  ☆116Updated 4 years ago
• SecIdiot / FOLIAGE
  ☆99Updated this week
• G0ldenGunSec / SharpTransactedLoad
  Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
  ☆157Updated 3 years ago
• EncodeGroup / UAC-SilentClean
  New UAC bypass for Silent Cleanup for CobaltStrike
  ☆187Updated 3 years ago
• nick-frischkorn / TymSpecial
  ☆140Updated this week
• mez-0 / InMemoryNET
  Exploring in-memory execution of .NET
  ☆130Updated 2 years ago
• oXis / GPUSleep
  Move CS beacon to GPU memory when sleeping
  ☆212Updated 2 years ago
• nettitude / RunOF
  ☆140Updated last year
• y11en / FOLIAGE
  Experiment on reproducing Obfuscate & Sleep
  ☆136Updated 3 years ago
• outflanknl / WdToggle
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆212Updated last year
• Sh0ckFR / InlineWhispers2
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆177Updated 2 years ago
• outflanknl / TamperETW
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆184Updated 4 years ago
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆87Updated 2 years ago
• S3cur3Th1sSh1t / NamedPipePTH
  Pass the Hash to a named pipe for token Impersonation
  ☆140Updated 3 years ago