PoC for Cobalt Strike external C2.
PoC to demonstrate how CLR ETW events can be tampered with.
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
Zipper, a CobaltStrike file and folder compression utility.
LSASS memory dumper using direct system calls and API unhooking.
Ps-Tools, an advanced process monitoring toolkit for offensive operations.
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.