Logisek / CalcOrItDidntHappenLinks
A curated collection of Living off the Land (LotL) attack demonstrations where trusted binaries go rogue, because if it didn’t launch calc.exe, did it even happen?
☆34Updated last month
Alternatives and similar repositories for CalcOrItDidntHappen
Users that are interested in CalcOrItDidntHappen are comparing it to the libraries listed below
Sorting:
- PoC MSI payload based on ASEC/AhnLab's blog post☆23Updated 3 years ago
- A PoC for achieving persistence via push notifications on Windows☆47Updated 2 years ago
- Docker container for running CobaltStrike 4.10☆37Updated last year
- Command and Control Framework using powershell implants☆35Updated 3 months ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆26Updated 3 years ago
- Modified version of Impacket to use dynamic NTLMv2 Challenge/Response☆19Updated 2 years ago
- A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records.☆39Updated 2 years ago
- This repository contains several AMSI bypasses. These bypasses are based on some very nice research that has been put out by some awesome…☆24Updated 3 years ago
- A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc☆15Updated 5 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆33Updated 2 years ago
- ☆18Updated 11 months ago
- Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling.☆44Updated last year
- A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.☆22Updated last year
- ☆52Updated last year
- Tools for offensive security of NetBackup infrastructures☆41Updated 2 years ago
- Proof-of-Concept to evade auditd by writing /proc/PID/mem☆23Updated 2 years ago
- OSED Practice binary☆24Updated last year
- Extension functionality for the NightHawk operator client☆27Updated last year
- ☆48Updated last year
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆55Updated 4 years ago
- Tool to aid in dumping LSASS process remotely☆41Updated last year
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆44Updated last year
- Identify binaries with Authenticode digital signatures signed to an internal CA/domain☆40Updated last year
- Slides for the talk we presented as UniPi at DefCon's Red Team Village☆23Updated 3 years ago
- Items related to the RedELK workshop given at security conferences☆29Updated last year
- ☆23Updated last year
- Multi-threaded C2 framework built in Flask with keylogger - from the Offensive C# Course by Naga Sai Nikhil☆21Updated 3 years ago
- Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Su…☆38Updated last year
- Perform Windows domain enumeration via LDAP☆36Updated 3 years ago
- ☆31Updated 3 years ago