T4TCH3R / RedditC2
Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.
☆24Updated last year
Related projects: ⓘ
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆87Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆74Updated 10 months ago
- Simple HTTP async comms using standard GET/POST requests☆27Updated last week
- A third-party Gopher Assassin for the Havoc Framework.☆44Updated 8 months ago
- ☆35Updated 2 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- A care package of useful bofs for red team engagments☆47Updated last year
- Python module for running BOFs☆63Updated last year
- ☆68Updated last year
- A BOF to interact with COM objects associated with the Windows software firewall.☆100Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆60Updated last year
- ☆53Updated this week
- ☆51Updated 3 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- ☆68Updated this week
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆53Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆77Updated last year
- Remove API hooks from a Beacon process.☆54Updated 2 years ago
- maldev obviously☆23Updated 3 months ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆50Updated last year
- Slide decks and/or materials from conference presentations☆55Updated last year
- A VSCode devcontainer for development of COFF files with batteries included.☆47Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆25Updated 2 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆79Updated last year
- ☆34Updated 11 months ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- Cobalt Strike BOF for quser.exe implementation using Windows API☆82Updated last year
- ☆47Updated last year
- ☆38Updated this week