IncludeSecurity / c2-vulnerabilities
PoCs of RCEs against open source C2 servers
☆45Updated last month
Related projects ⓘ
Alternatives and complementary repositories for c2-vulnerabilities
- Create Anti-Copy DRM Malware☆42Updated 2 months ago
- A spin-off research project. Cobalt Strike x Notion collab 2022☆52Updated 2 years ago
- Parses Cobalt Strike malleable C2 profiles.☆48Updated this week
- Winsocket for Cobalt Strike.☆98Updated last year
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆87Updated 9 months ago
- ☆56Updated 3 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆69Updated 9 months ago
- ☆61Updated 9 months ago
- 🔎🪲 Malleable C2 profiles parser and assembler written in golang☆59Updated 5 months ago
- Execute commands in other Sessions☆79Updated 3 months ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆97Updated 3 years ago
- a variety of tools,scripts and techniques developed and shared with different programming languages by 0xsp Lab☆53Updated 6 months ago
- ☆132Updated last year
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆115Updated last month
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.☆75Updated 2 years ago
- ☆73Updated last year
- ApexLdr is a DLL Payload Loader written in C☆104Updated 3 months ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆149Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆78Updated last year
- POC tools for exploring SMB over QUIC protocol☆121Updated 2 years ago
- ☆77Updated 7 months ago
- A simple BOF that frees UDRLs☆108Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆94Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated 9 months ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- ☆75Updated last year
- To audit the security of read-only domain controllers☆113Updated 11 months ago