codewhitesec / Lastenzug
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
☆210Updated last year
Related projects: ⓘ
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆250Updated last year
- Patch AMSI and ETW☆227Updated 4 months ago
- You shall pass☆241Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆177Updated 2 years ago
- COFF file (BOF) for managing Kerberos tickets.☆276Updated last year
- My implementation of the GIUDA project in C++☆152Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆182Updated 3 years ago
- Reuse open handles to dynamically dump LSASS.☆231Updated 5 months ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆169Updated last year
- Hookers are cooler than patches.☆167Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆136Updated 6 months ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- (Demo) 3rd party agent for Havoc☆124Updated last year
- Remove API hooks from a Beacon process.☆263Updated 3 years ago
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆153Updated 2 years ago
- ADCS cert template modification and ACL enumeration☆126Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆109Updated 10 months ago
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs☆169Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆225Updated last year
- ☆245Updated this week
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆137Updated 2 years ago
- ☆172Updated 9 months ago
- C# version of Powermad☆152Updated 9 months ago
- ☆138Updated this week
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆134Updated 2 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆128Updated last year
- EDRSandblast-GodFault☆239Updated last year
- Coerce Windows machines auth via MS-EVEN☆152Updated 8 months ago
- Koppeling x Metatwin x LazySign☆200Updated 3 years ago
- Your syscall factory☆121Updated last week