Lists (22)
Active Directory
AI
Atom Bombing
C Malware
DLL Hollowing
DLL Sideloading
EDR
Loaders
Loaders/Packers
LSASS
Macros
Notes
Obfuscation
PIC Shellcode
Pivoting
PowerShell
Reflective DLL
ROP
Shellcode
Syscalls
Virtual Machines
WriteUps
Stars
ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.
Python tool for converting files and office documents to Markdown.
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
Windows batch script that finds misconfiguration issues which can lead to privilege escalation.
Situational Awareness commands implemented using Beacon Object Files
A collection of position independent coding resources
Killer is a simple tool designed to bypass AV/EDR security tools using various evasive techniques.
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
C++ self-injecting dropper based on various EDR evasion techniques.
Cybersources is a repository that curates a comprehensive collection of cybersecurity tools and resources, aiming to enhance knowledge, skills, and collaboration within the cybersecurity community.
Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
LLM Agent and Evaluation Framework for Autonomous Penetration Testing
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
A proof of concept demonstrating DLL-load proxying using undocumented syscalls.
A PoC implementation for dynamically masking call stacks with timers.