codextf2 Goto Github PK

followers: 403.0 following: 44.0 repos: 31.0 gists: 0.0

Name: CodeX

Type: User

Company: im in school lol

Bio: Red teamer and offensive dev. I pop shells and play tf2.

Twitter: codex_tf2

Location: userland

Blog: https://codex-7.gitbook.io

root@codex🖥️# whoami

I'm a skid who likes developing offensive tools e.g. red team implants/droppers, C2 infra and other general offensive research. I occasionally clean up some of the tools/scripts I create over time and post them here.

anything I make is to be used strictly ONLY for malicious purposes. I am NOT responsible for any education that results from incorrect or legitimate use. It is YOUR responsibility to ensure that the tool is not used in accordance with local laws. (/s so I dont get sued thanks) 🤡

Red team gitbook

I sometimes document random offensive research I do in my free time on this gitbook.

Check out my gitbook :D

Projects (by category)

Extending Cobalt Strike

Extending Havoc C2

Misc offensive tooling

SharpAwareness

CodeX's Projects

aceldr

Cobalt Strike UDRL for memory scanner evasion.

am0n-eye

forked for safekeeping

beacon_notify_discordhook

Probably the easiest way to setup new beacon notifications in Cobalt Strike

burp2malleable

Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

busysleepbeacon

This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built in Sleep() call. Most of the structure e.g. Sleep hook, shellcode exec etc. are taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.

cobaltstrike-headless

Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.

cobaltstrike-sleepmask-yara

Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs

cobaltstrikesoundboard

codextf2

codextf2.github.io

dearg-thread-ipc-stealth

A novel technique to communicate between threads using the standard ETHREAD structure

dynamicwrapperdotnet

Dynamically Loads Assembly and Calls Methods from JScript

ekko

Sleep Obfuscation

evasion-adventures-files

Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"

ghost

A sample client/server architecture

goautodial-rce-exploit

Pops a shell on a goautodial server

havocnotion

A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.

james-server-rce

Improved version of the james server RCE. Spawns a reverse shell that can bypass rbash ;)

lockbit-black-builder

maldev-links

My collection of malware dev links

my-bashrc

My bashrc file

pyhmmm

Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample

rogue

A barebones template of 'rogue' aka a simple recon and agent deployment I built to communicate over ICMP. Well, without the ICMP code.

schoolproj-fork

screenshotbof

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

sharpawareness

Light and more OPSEC friendly way for red teamers to gain quick situational awareness of both the host and the user.

simulated-user

sliver

Adversary Emulation Framework

titan

Titan: A generic user defined reflective DLL for Cobalt Strike

titanldr-ng

A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.