ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on machines. It uses the BloodHound OpenGraph format to build a new edge called HasUserProfile which determines if a...
Team Cymru conducts a macroscopic analysis of global network traffic, harnessing the power of aggregated NetFlow data and the intelligence gleaned from open-port scanning. Such profound visibility illuminates the intricate web of connections between...
GHARF is an efficient support framework for Red Team exercises that applies the concept of CI/CD (Continuous Integration / Continuous Delivery). It can be used for exercises aimed at security assessment, research, and human...
Singularity is a powerful Linux Kernel Module (LKM) rootkit designed for modern 6.x kernels. It provides comprehensive stealth capabilities through advanced system call hooking via ftrace infrastructure. What is Singularity? Singularity is a sophisticated rootkit...
The top spot in HackerOne’s global ranking is no longer held by a human, but by a machine. Behind the alias “XBOW” is not a living researcher, but an AI-driven system that has already...
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken...
Bolthole A proof-of-concept ClickOnce payload for Red Teams to establish initial access in authorized penetration tests. Overview Bolthole provides operators with: Reverse SSH tunnel into the target environment CMD shell access as the executing...
The emergence of a new tool known as RingReaper has sparked concern among cybersecurity experts and penetration testing teams alike. This program leverages a legitimate yet highly potent Linux kernel feature called io_uring to...
Nimhawk is an advanced command and control (C2) framework that builds upon the exceptional foundation laid by Cas van Cooten (@chvancooten) with his NimPlant project. Cas’s innovative work in developing a lightweight implant written in Nim has been...
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike...
Hollowise is a Windows-based tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques. It allows for stealth execution of debuggers and code and network analizers by replacing the memory of a suspended process (e.g. calc.exe) with...
Beacon Object File (BOF) support has been at the cornerstone of capability for any modern C2 platform since its inception by Cobalt Strike 4.1 back in 2020. It was a major step forward towards...
