Useful C2 techniques and cheat sheets learned from engagements

A script to automate privilege escalation with CVE-2023-22809 vulnerability

Reverse-HTTP Redirector via DigitalOcean Apps Platform

替換WINDOWS 所有二進制檔(EXE、DLL、OCX)顯示ICON [Resource Hacker]

Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW

Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW

Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process

A new AMSI Bypass technique using .NET ALI Call Hooking.

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

poc of CVE-2022-33679

One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。

Search for potential frontable domains

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

OSCP Buffer Overflow cheat sheet

CPS 633 Computer Security - Security SEED Lab Reports

💡 Looking for inspiration for your next open source project? Or perhaps you've got a brilliant idea you can't wait to share with others? Open Source Ideas is a community built specifically for this! 👋