- Indonesia
- https://petruknisme.medium.com
Redteam
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…
A list of all the DLL exports in C:\windows\system32\
Resource-based constrained delegation (RBCD)
Evasion technique to defeat and divert detection and prevention by security products (AV/EDR/XDR)
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Nim-based assembly packer and shellcode loader for opsec & profit
A small PoC to make Defender useless by removing its token privileges and lowering the token integrity
Beacon Object File PoC implementation of KillDefender
This is a C# implementation of making a process/executable run as NT AUTHORITY\SYSTEM. This is achieved through parent process ID spoofing of almost any SYSTEM process.
C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Start a new PowerShell without ETW and AMSI, in pure Nim
Syscall Shellcode Loader (Work in Progress)
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.
Read memory of the current process without ReadProcessMemory
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
Disposable and resilient red team infrastructure with Terraform
AV/EDR Evasion Lab for Training & Learning Purposes
PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile-broadband-capable computers
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Modified versions of the Cobalt Strike Process Injection Kit
This map lists the essential techniques to bypass anti-virus and EDR