0xfl0ki Goto Github PK

aceldr

Cobalt Strike UDRL for memory scanner evasion.

azure-red-team

Azure Security Resources and Notes

bokuloader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

c2-tool-collection

A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.

certipy

Tool for Active Directory Certificate Services enumeration and abuse

chisel

A fast TCP/UDP tunnel over HTTP

cloudpentestcheatsheets

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

cobaltstrike-aggressor-scripts

A collection of Cobalt Strike Aggressor scripts.

cookie-graber-bof

C or BOF file to extract WebKit master key to decrypt user cookie

covenant-profiles

darkloadlibrary

LoadLibrary for offensive operations

dotfiles

edr-preloader

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

evilginx2-ttps

Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and notes on usage.

handlekatz_bof

A BOF port of the research of @thefLinkk and @codewhitesec

intune-acsc-windows-hardening-guidelines

Collection of Intune policies that could assist with implementing ACSC's Windows hardening guidance.

invishell

iscsicpl_bypassuac

UAC bypass for x64 Windows 7 - 11

just-go-phishing

Phishing infrastructure deployment made easy.

kaynldr

KaynLdr is a Reflective Loader written in C/ASM

ldapnomnom

Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)

mailsniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

malseclogon

A little tool to play with the Seclogon service

n0kovo_subdomains

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

operatorskit

Collection of Beacon Object Files (BOF) for Cobalt Strike

opsec-tradecraft

Collection of OPSEC Tradecraft and TTPs for Red Team Operations

packmypayload

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

pentesting-cheatsheets

A collection of pentesting cheatsheets I'm building as I find new ways to test things I come across. Updated regularly.

poolparty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

powersccm

PowerSCCM - PowerShell module to interact with SCCM deployments