Stars
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Encrypted shellcode Injection to avoid Kernel triggered memory scans
Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…
HTML smuggling is not an evil, it can be useful
The Definitive Guide To Process Cloning on Windows
Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques.
Dump the memory of any PPL with a Userland exploit chain
A Visual Studio template used to create Cobalt Strike BOFs
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
DLL Exports Extraction BOF with optional NTFS transactions.
Exploiting DLL Hijacking by DLL Proxying Super Easily
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
A cross-platform C and C++ unit testing framework for the 21st century
Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
Win32 Console Documentation -- in particular, console/standard handles and CreateProcess inheritance
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…