shogunlab / building-c2-implants-in-cpp

Related projects: ⓘ

• xforcered / BokuLoader
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆316Updated last month
• thefLink / Hunt-Sleeping-Beacons
  Aims to identify sleeping beacons
  ☆461Updated 3 months ago
• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆519Updated 2 years ago
• trustedsec / COFFLoader
  ☆457Updated last week
• itm4n / PPLmedic
  Dump the memory of any PPL with a Userland exploit chain
  ☆327Updated last year
• boku7 / HOLLOW
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆263Updated last year
• jacob-baines / concealed_position
  Bring your own print driver privilege escalation tool
  ☆241Updated 3 years ago
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆612Updated last year
• thefLink / DeepSleep
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆342Updated 2 years ago
• aaaddress1 / Skrull
  Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…
  ☆447Updated 2 years ago
• Maldev-Academy / EntropyReducer
  Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
  ☆365Updated last year
• c0de90e7 / GhostWriting
  GhostWriting Injection Technique.
  ☆162Updated 6 years ago
• Maldev-Academy / HellHall
  Performing Indirect Clean Syscalls
  ☆451Updated last year
• SolomonSklash / SleepyCrypt
  A shellcode function to encrypt a running process image when sleeping.
  ☆329Updated 3 years ago
• Wra7h / FlavorTown
  Various ways to execute shellcode
  ☆472Updated 6 months ago
• ajpc500 / BOFs
  Collection of Beacon Object Files
  ☆538Updated last year
• codewhitesec / HandleKatz
  PIC lsass dumper using cloned handles
  ☆570Updated last year
• outflanknl / InlineWhispers
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆302Updated 2 years ago
• rad9800 / misc
  miscellaneous scripts and programs
  ☆211Updated last year
• dobin / antnium
  A C2 framework for initial access in Go
  ☆166Updated 2 years ago
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆156Updated last year
• last-byte / RIPPL
  RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
  ☆6Updated 2 years ago
• Cracked5pider / KaynLdr
  KaynLdr is a Reflective Loader written in C/ASM
  ☆514Updated 9 months ago
• Cracked5pider / CoffeeLdr
  Beacon Object File Loader
  ☆270Updated 9 months ago
• MythicAgents / thanatos
  Mythic C2 agent targeting Linux and Windows hosts written in Rust
  ☆306Updated 2 weeks ago
• rvrsh3ll / BOF_Collection
  Various Cobalt Strike BOFs
  ☆557Updated last year
• lab52io / LeakedHandlesFinder
  Leaked Windows processes handles identification tool
  ☆268Updated 2 years ago
• binderlabs / DirCreate2System
  Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
  ☆355Updated last year
• S3cur3Th1sSh1t / Nim-RunPE
  A Nim implementation of reflective PE-Loading from memory
  ☆262Updated 2 weeks ago
• securifybv / Visual-Studio-BOF-template
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆278Updated 2 years ago