claysec's repos on GitHub
BokuLoader (C, 1385 followers): A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Loki (JavaScript, 1267 followers): ♂ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
azureOutlookC2 (C, 497 followers): Azure Outlook Command & Control (C2) - Remotely control a compromised Windows device from your Outlook mailbox. Threat emulation tool for the North Korean APT InkySquid / ScarCruft / APT37. TTP: use of the Microsoft Graph API for C2 operations.
spawn (C, 469 followers): Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes the payload. Built to evade EDR/userland hooks by spawning the sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
Ninja_UUID_Runner (C, 449 followers): Module stomping, no new thread, HellsGate syscaller, UUID shellcode runner for x64 Windows 10!
venom (Python, 399 followers): Venom C2 is a dependency-free Python3 Command & Control framework for red team persistence.
injectAmsiBypass (C, 382 followers): Cobalt Strike BOF - bypass AMSI in a remote process with code injection.
injectEtwBypass (C, 299 followers): Cobalt Strike BOF - inject an ETW bypass into a remote process via syscalls (HellsGate|HalosGate).
HOLLOW (C, 290 followers): EarlyBird process hollowing technique (BOF) - spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode.
StringReaper (C, 283 followers): Reaping treasures from strings in remote processes' memory.
AsmHalosGate (C, 226 followers): x64 assembly HalosGate direct system caller to evade EDR userland hooks.
patchwerk (C, 195 followers): BOF that finds all the Nt* system call stubs within NTDLL and overwrites them with clean syscall stubs (userland hook evasion).
whereami (C, 183 followers): Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process environment strings without touching any DLLs.
halosgate-ps (C, 110 followers): Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes.
HellsGatePPID (C, 106 followers): Assembly HellGate implementation that directly calls Windows system calls and displays the PPID of the explorer.exe process.
xPipe (C, 90 followers): Cobalt Strike BOF to list Windows pipes & return their owners & DACL permissions.
x64win-AddRdpAdminShellcode (Assembly, 40 followers): 64-bit Windows 10 shellcode that adds the user BOKU:SP3C1ALM0V3 to the system and to the local groups Administrators & "Remote Desktop Users".
tailorMS-rXSS-Keylogger (Python, 25 followers): Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keys pressed after an unauthenticated victim clicks a malicious URL and types.
StockManagement-XSS-Login-CredHarvester (Python, 21 followers): Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & the session cookie after an unauthenticated victim clicks a malicious URL and enters credentials.
DarkWidow (16 followers): Indirect dynamic syscall, SSN + syscall address sorting via a modified TartarusGate approach + remote process injection via APC Early Bird + spawns a sacrificial process as the target process + (ACG+BlockDll) mitigation policy on the spawned process + PPID spoofing + API resolving from the TIB + API hashing
OffensiveRust (15 followers): Rust weaponization for red team engagements.
LibreHealth-authRCE (Python, 13 followers): LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.
SCMKit (13 followers): Source Code Management Attack Toolkit
CVE-2020-23839 (Python, 10 followers): Public PoC disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a reflected XSS on the admin login portal.
slae64 (Assembly, 10 followers): Repo for the SLAE64 exam
Ares (7 followers): Project Ares is a proof-of-concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique.
beacon (7 followers): Former attempt at creating an independent Cobalt Strike Beacon
LoudSunRun (7 followers): My shitty attempt at tampering with the call stack, based on the work of namazso, SilentMoonWalk, and VulcanRaven
Apollo (6 followers): A .NET Framework 4.0 Windows agent
onlineCourseReg-RCE (Python, 6 followers): From 0 to Remote Code Execution - exploit development files for the Online Course Registration web application RCE
DayBird (5 followers): Extension functionality for the NightHawk operator client
GraphRunner (5 followers): A post-exploitation toolset for interacting with the Microsoft Graph API
ADOKit (4 followers): Azure DevOps Services Attack Toolkit
fuzzingFTP (Python, 4 followers): Python scripts for fuzzing FTP servers, with precision, over TCP
homeRent-SQLi-RCE (Python, 4 followers): House Rental v1.0 suffers from an unauthenticated SQL injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver by sending a malicious POST request.
AceLdr (C, 3 followers): Cobalt Strike UDRL for memory scanner evasion.
LOLBAS (XSLT, 3 followers): Living Off The Land Binaries And Scripts (LOLBins and LOLScripts)
slae32 (Assembly, 3 followers): Repo for all SLAE32 exam assignments
aCal-RCE (Python, 2 followers): Exploit development files for the aCal web application - reflected XSS to RCE.
AV_Bypass-Splitter (Shell, 2 followers): Splitter script to identify the anti-virus signature of an executable
Azur3Alph4 (2 followers): Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. The module is intended for a post-breach (RCE achieved) position.
HellsGate (2 followers): Original C implementation of the Hell's Gate VX technique
Malleable-C2-Profiles (2 followers): Malleable C2 is a domain-specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
nt5src (2 followers): Source code of Windows XP (NT5). The leaks are not from me; I just extracted the archive and cabinet files.
OSEP-Code-Snippets (2 followers): A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
RedLizard (2 followers): RedLizard Rust TCP reverse shell server/client
StandIn (2 followers): StandIn is a small .NET35/45 AD post-exploitation toolkit
TokenTactics (PowerShell, 2 followers): Azure JWT token manipulation toolset
BarracudaDrivev6.5-LocalPrivEsc (1 follower): Insecure service file permissions in the bd service of Real Time Logics BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the bd.exe file and restarting the computer, where it will automatically be run as 'LocalSystem' on the next startup.
cobalt_strike_extension_kit (1 follower): Attempting to be an all-in-one repo for others' useful aggressor scripts as well as things we've found useful during red team operations.
ElevateKit (1 follower): The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
Havoc (1 follower): The Havoc Framework
msspray (1 follower): Password attacks and MFA validation against various endpoints in Azure and Office 365
SourcePoint (1 follower): SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Talon (1 follower): (Demo) 3rd-party agent for Havoc