smokeme / airstrike
☆154Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for airstrike
- Patching AmsiOpenSession by forcing an error branching☆143Updated last year
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆250Updated last year
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs☆64Updated last year
- ☆181Updated 7 months ago
- ☆173Updated 11 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆155Updated 3 weeks ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆215Updated last year
- ☆207Updated 6 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 10 months ago
- ☆144Updated last year
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆77Updated 2 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆95Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆148Updated 10 months ago
- Execute shellcode files with rundll32☆181Updated 9 months ago
- Lateral Movement☆118Updated 11 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆107Updated last month
- Shaco is a linux agent for havoc☆145Updated last year
- Patch AMSI and ETW☆230Updated 6 months ago
- ☆106Updated 6 months ago
- A BOF to automate common persistence tasks for red teamers☆267Updated last year
- Just another C2 Redirector using CloudFlare.☆78Updated 5 months ago
- ApexLdr is a DLL Payload Loader written in C☆104Updated 3 months ago
- A C# port from Invoke-GhostTask☆109Updated 10 months ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆292Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆138Updated 8 months ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆227Updated last year
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆149Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆152Updated last year
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.☆75Updated 2 years ago