Stars
A little tool to play with Windows security
Small and highly portable detection tests based on MITRE's ATT&CK.
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Situational Awareness commands implemented using Beacon Object Files
Execute unmanaged Windows executables in CobaltStrike Beacons
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Collection of Beacon Object Files (BOF) for Cobalt Strike
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
Collection of remote authentication triggers in C#
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
Cobalt Strike BOF for evasive .NET assembly execution
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
Print Spooler Named Pipe Impersonation for Cobalt Strike
Zipper, a CobaltStrike file and folder compression utility.
Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in-memory dump of a process and send that back through your already existing Beacon communication channel