64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
created at May 1, 2021, 3:39 p.m.
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
created at July 19, 2021, 12:08 a.m.
Assembly HellsGate implementation that directly calls Windows system calls and displays the PPID of the explorer.exe process.
created at Aug. 5, 2021, 2:53 a.m.
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
created at Aug. 15, 2021, 6:17 p.m.
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
created at Sept. 10, 2021, 2 a.m.
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
created at Sept. 21, 2021, 11:06 p.m.
Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10!
created at Oct. 5, 2021, 7:14 p.m.
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
created at Aug. 15, 2021, 6:17 p.m.