Category: Ethical Hacking

C2 framework, email C2

b3acon: In-Memory C# IMAP C2 over Email

b3acon is a mail based C2 that uses an in-memory, dynamically compiled C# IMAP client via PowerShell. It communicates entirely through standard email protocols, fetching commands from email drafts and sending execution results to the...

offensive data

Nemesis: An offensive data enrichment pipeline

Nemesis Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data...

generating reverse shells

shells: Script for generating reverse shells

Shellz A script for generating common reverse shells fast and easy. Especially nice when in need of PowerShell and Python reverse shells, which can be a PITA getting correctly formatted. PowerShell revshells Shows username@computer.(domain),...

shellcode encryption tool

Supernova: shellcode encryption tool

Supernova Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode.Supernova supports various features beyond those typically found in a common shellcode encryptor tool. Features Supernova offers automatic...

Kerberos abuse

Kerbeus-BOF: Beacon Object Files for Kerberos abuse

Kerbeus-BOF Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Download git clone https://github.com/RalfHacker/Kerbeus-BOF.git Use...

AI security

V’ger: AI/ML Security in Your Arsenal

V’ger V’ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you’ve found Jupyter credentials, but don’t know what you...

Deepfake Offensive Toolkit

dot: The Deepfake Offensive Toolkit

Deepfake Offensive Toolkit dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual camera injection. dot is created for performing penetration testing against e.g. identity verification and video conferencing systems, for the use by...