Stars
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
Rapidly Search and Hunt through Windows Forensic Artefacts
Interesting APT Report Collection And Some Special IOC
Inject .NET assemblies into an existing process
ScareCrow - Payload creation framework designed around EDR bypass.
A beacon generator using Cobalt Strike and a variety of tools.
Execute ELF files without dropping them on disk
PyHook is an offensive API hooking tool written in Python, designed to capture credentials passed through hooked API calls.
Microsoft Sentinel SOC Operations
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
CyCAT.org API back-end server including crawlers
Self-developed tools for Lateral Movement/Code Execution
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
Standalone binaries for Linux/Windows of Impacket's examples
Mini web server that lets others upload files to your computer
HoneyCreds: network credential injection to detect Responder and other network poisoners.
Evasive shellcode loader for bypassing event-based injection detection (PoC)
A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
Red Team Tactics, Techniques, and Procedures