Stars
Windows protocol library, including SMB and RPC implementations, among others.
A tool to transform Chromium browsers into a C2 Implant
A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.
An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations
Eve is a JAMF exploitation toolkit used to interact with locally hosted JAMF servers and those hosted on jamfcloud.com.
Cobaltstrike Reflective Loader with Synthetic Stackframe
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
Azure AppHunter is an open-source tool created for security researchers, red teamers and defenders to help them identify excessive privileges assigned to Service Principals
Voilà, install macOS on ANY Computer! This is really and magic easiest way! PVE 7.XX ~ 8.XX Support and macOS High Sierra ~ macOS Sequoia Support.
PandH4cker / No-Consolation
Forked from fortra/No-Consolation
A BOF that runs unmanaged PEs inline
Freeze written in Rust with APC shellcode injection. Shellcode is executed in signed Windows PE and its process gets unhooked using frozen regression
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the …
PrimitiveInjection by using Read, Write and Allocation Primitives.
Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techniques
A powerful, modular, lightweight and efficient command & control framework written in Nim.
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintain stealth and robust OPSEC.
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
xforcered / CredBandit
Forked from anthemtotheego/CredBandit
Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Chrome browser extension-based Command & Control
Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
Tools for interacting with authentication packages using their individual message protocols