Ulfberht: Shellcode loader
Ulfberht Shellcode loader Features : Indirect syscall. Module stomping. Load a stomped module using APC. Execute the payload with a direct jump (jmp) without creating a new thread. API hashing implemented using the DJB2...
Category: Ethical Hacking
TrailShark: Enhance AWS Security with Near-Real-Time Insights
TrailShark The TrailShark Capture Utility seamlessly integrates with Wireshark, facilitating the capture of AWS CloudTrail logs directly into Wireshark for near-real-time analysis. This tool can be used for debugging AWS API calls and played...
Responder: LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay
Responder an LLMNR, NBT-NS, and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answer to File Server Service request, which...
Stratus Red team: emulate offensive attack techniques
Stratus Red team Stratus Red Team is “Atomic Red Team™” for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. Stratus Red Team is a lightweight Go binary you...
Chrome App-Bound Encryption Decryption: decrypt App-Bound encrypted keys in Chrome
Chrome App-Bound Encryption Decryption This tool decrypts App-Bound Encrypted (ABE) keys stored in the Local State file of supported Chromium-based browsers, including Google Chrome, Brave, and Microsoft Edge. ABE, introduced in Chrome version 127, binds decryption capabilities...
BounceBack: Stealth redirector for your red team operation security
BounceBack BounceBack is a powerful, highly customizable, and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and...
ExecutePeFromPngViaLNK: Extract and execute a PE embedded within a PNG file using an LNK file
ExecutePeFromPngViaLNK Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the...
VAC kernel-mode bypass: Fully working kernel-mode VAC bypass
VAC kernel-mode bypass Fully working VAC kernel-mode bypass, it makes use of either SSDT hooks or Infinityhook to intercept VAC syscalls and ultimately spoof the results in order to bypass the memory integrity checks....
EmbedPayloadInPng: Embed a payload inside a PNG file
EmbedPayloadInPng Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm. Implementation This repository consists...
Penelope: A Shell Handler
Penelope Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher....
gost: GO Simple Tunnel
gost – GO Simple Tunnel Features Listening on multiple ports Multi-level forward proxies – proxy chain Standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support Probing resistance support for web proxy TLS encryption via negotiation support for SOCKS5...
Secure Stager: An x64 position-independent shellcode stager
Secure Stager This project demonstrates an x64 position-independent stager that verifies the stage it downloads prior to executing it. This offers a safeguard against man-in-the-middle attacks for those who are concerned about such things....
Ghost: Evasive shellcode loader
Ghost Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR Detection 1 – kernel callbacks kernel callbacks are implemented by an EDR to harness...
Empire: PowerShell & Python post-exploitation agent
Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility....
Voidmaw: A new bypass technique for memory scanners
VOIDMAW This is a new bypass technique for memory scanners. It is useful in hiding problematic code that will be flagged by the antivirus vendors. This is basically an improved version of Voidgate, but without...
Maestro: Abusing Intune for Lateral Movement over C2
Maestro Maestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user’s workstation without requiring knowledge of the user’s password or Azure authentication flows, token manipulation, and web-based...
