rasta-mouse / OST-C2-Spec
Open Source C&C Specification
☆221Updated last month
Related projects ⓘ
Alternatives and complementary repositories for OST-C2-Spec
- Evasive shellcode loader☆269Updated last month
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST☆168Updated 2 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆246Updated 6 months ago
- Dump lsass using only NTAPIs running 3 programs to create 3 JSON and 1 ZIP file... and generate the MiniDump later!☆351Updated last month
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆269Updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆190Updated 5 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆238Updated 5 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆145Updated 3 weeks ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆396Updated 2 weeks ago
- Attempt at Obfuscated version of SharpCollection☆189Updated last week
- AV/EDR Lab environment setup references to help in Malware development☆186Updated 2 weeks ago
- C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.☆156Updated last week
- Patch AMSI and ETW☆232Updated 6 months ago
- Extracting NetNTLM without touching lsass.exe☆224Updated 11 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆171Updated last year
- ☆295Updated last year
- Kill AV/EDR leveraging BYOVD attack☆309Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆324Updated 11 months ago
- ☆244Updated 10 months ago
- ☆267Updated last year
- Lateral Movement Using DCOM and DLL Hijacking☆281Updated last year
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆344Updated last year
- Python implementation of GhostPack's Seatbelt situational awareness tool☆196Updated last week
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆301Updated last year
- Use hardware breakpoint to dynamically change SSN in run-time☆234Updated 7 months ago
- Dump lsass using only Native APIs by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆466Updated last month
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆274Updated 11 months ago
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆217Updated 2 weeks ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆540Updated 4 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆163Updated last month