wietze / windows-command-line-obfuscation
Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.
☆136 Updated 3 years ago
Related projects:
- Load any Beacon Object File using Powershell! ☆245 Updated 2 years ago
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface ☆227 Updated 2 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK ☆305 Updated last year
- Koppeling x Metatwin x LazySign ☆200 Updated 3 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object ☆162 Updated last year
- Cobalt Strike Beacon configuration extractor and parser. ☆142 Updated 3 years ago
- Apply a filter to the events being reported by windows event logging ☆259 Updated 3 years ago
- official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo) ☆230 Updated 2 years ago
- 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells. ☆127 Updated last year
- AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Co… ☆208 Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆253 Updated 2 years ago
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript ☆328 Updated 3 years ago
- Run Rubeus via Rundll32 ☆193 Updated 4 years ago
- Executes position independent shellcode from an encrypted zip ☆300 Updated 3 years ago
- Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library. ☆140 Updated 4 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro… ☆265 Updated last year
- Simple EDR implementation to demonstrate bypass ☆152 Updated 4 years ago
- Identify the attack paths in BloodHound breaking your AD tiering ☆294 Updated last year
- SpecterOps Presentations ☆176 Updated last month
- GoldenGMSA tool for working with GMSA passwords ☆133 Updated 5 months ago
- Material for the "Hands-On BloodHound" Workshop ☆104 Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b… ☆229 Updated 3 years ago
- A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object ☆219 Updated 4 years ago