claysec's repos on GitHub
C · 1402 stars
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
JavaScript · 1302 stars
Loki
🧙‍♂️ Node.js Command & Control for script-jacking vulnerable Electron applications
C · 502 stars
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
C · 469 stars
spawn
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
C · 454 stars
Ninja_UUID_Runner
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Python · 425 stars
venom
Venom C2 is a dependency-free Python 3 Command & Control framework for red team persistence
C · 382 stars
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
C · 300 stars
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
C · 290 stars
HOLLOW
EarlyBird process hollowing technique (BOF): spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode
C · 285 stars
StringReaper
Reaping treasures from strings in remote processes' memory
C · 236 stars
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
C · 195 stars
patchwerk
BOF that finds all the Nt* system call stubs within NTDLL and overwrites them with clean syscall stubs (user-land hook evasion)
C · 183 stars
whereami
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process environment strings without touching any DLLs.
C · 108 stars
HellsGatePPID
Hell's Gate implementation in assembly that directly invokes Windows system calls and displays the PPID of the explorer.exe process
C · 107 stars
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
C · 95 stars
xPipe
Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
Assembly · 39 stars
x64win-AddRdpAdminShellcode
64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
Python · 25 stars
tailorMS-rXSS-Keylogger
Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal page of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keystrokes once an unauthenticated victim clicks a malicious URL and types into the page.
Python · 21 stars
StockManagement-XSS-Login-CredHarvester
Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal page of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials and the session cookie once an unauthenticated victim clicks a malicious URL and enters credentials.
15 stars
DarkWidow
Indirect dynamic syscalls, with SSN and syscall-address sorting via a modified TartarusGate approach; remote process injection via APC Early Bird; spawns a sacrificial process as the target, with the ACG and BlockDll mitigation policies applied to it; PPID spoofing; API resolution from the TIB; API hashing
15 stars
OffensiveRust
Rust Weaponization for Red Team Engagements.
13 stars
SCMKit
Source Code Management Attack Toolkit
Python · 12 stars
LibreHealth-authRCE
LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.
Python · 11 stars
CVE-2020-23839
Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal
Assembly · 10 stars
slae64
Repo for SLAE64 Exam
7 stars
Ares
Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
7 stars
beacon
Former attempt at creating an independent Cobalt Strike Beacon
7 stars
LoudSunRun
My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
6 stars
Apollo
A .NET Framework 4.0 Windows Agent
Python · 6 stars
onlineCourseReg-RCE
From 0 to Remote Code Execution - exploit development files for Online Course Registration Web Application RCE
5 stars
DayBird
Extension functionality for the NightHawk operator client
5 stars
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
4 stars
ADOKit
Azure DevOps Services Attack Toolkit
Python · 4 stars
fuzzingFTP
Python scripts for fuzzing FTP servers, with precision, over TCP
Python · 4 stars
homeRent-SQLi-RCE
House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver via sending a malicious POST request.
C · 3 stars
AceLdr
Cobalt Strike UDRL for memory scanner evasion.
XSLT · 3 stars
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Assembly · 3 stars
slae32
Repo for all SLAE32 Exam Assignments
Python · 2 stars
aCal-RCE
Exploit Development files for aCal web application - reflected XSS to RCE.
Shell · 2 stars
AV_Bypass-Splitter
Splitter script that locates the anti-virus signature inside an executable by splitting it into pieces and checking which pieces are still detected
2 stars
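The splitter approach described above (write ever-smaller slices of the binary to disk, see which ones the installed AV still quarantines, and so narrow down the bytes that carry the signature) is easier to reason about with the scanner replaced by a callback. The block below is an added example and not the splitter script's own code: it locates the flagged byte range with two binary searches instead of fixed-size chunks, and both the sample "binary" and the signature the stand-in scanner flags are constructed inline.

```python
"""Locating an AV signature by splitting a file, the approach a splitter script
automates. Added example, not the script's code. The real workflow writes each
slice to disk and watches which ones the installed AV quarantines; here the
scanner is a callback over bytes and the sample file and signature are CONSTRUCTED.
"""
from typing import Callable, Optional, Tuple

# Constructed stand-ins: an arbitrary byte pattern the fake scanner flags,
# embedded in filler that plays the part of an opaque binary.
SIGNATURE = b"EVIL-SIG-1337"
SAMPLE = bytes(range(256)) * 3 + SIGNATURE + bytes(200)


def mock_scanner(blob: bytes) -> bool:
    """Stand-in for 'does the AV flag this file?'."""
    return SIGNATURE in blob


class CountingScanner:
    """Wraps a scanner and counts invocations (each one is an AV scan in real life)."""

    def __init__(self, inner: Callable[[bytes], bool]) -> None:
        self.inner = inner
        self.calls = 0

    def __call__(self, blob: bytes) -> bool:
        self.calls += 1
        return self.inner(blob)


def locate_signature(data: bytes, scanner: Callable[[bytes], bool]) -> Optional[Tuple[int, int]]:
    """Return (start, end) of the flagged byte range, or None if the file is clean.

    Two binary searches, O(log n) scans each, instead of writing n/chunk slices:
      1. smallest prefix data[:end] that is still flagged  -> signature ends at `end`
      2. largest start such that data[start:end] is flagged -> signature starts there
    Assumes the scanner is monotone: any slice containing the whole signature is
    flagged, any slice missing part of it is not.
    """
    if not scanner(data):
        return None
    lo, hi = 0, len(data)              # invariant: data[:lo] clean, data[:hi] flagged
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if scanner(data[:mid]):
            hi = mid
        else:
            lo = mid
    end = hi
    lo, hi = 0, end                    # invariant: data[lo:end] flagged, data[hi:end] clean
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if scanner(data[mid:end]):
            lo = mid
        else:
            hi = mid
    return lo, end


if __name__ == "__main__":
    counted = CountingScanner(mock_scanner)
    found = locate_signature(SAMPLE, counted)
    if found is None:
        print("sample not flagged")
    else:
        start, end = found
        print(f"signature at [{start}:{end}] = {SAMPLE[start:end]!r} after {counted.calls} scans")
```

The monotonicity assumption is the part that bites in practice: a signature that hashes a PE section, checks the entry point, or only fires after emulation will not reappear in a truncated slice, and a file with two independent signatures will be reported as one range spanning both. That is why the original script's fixed-chunk, multi-pass approach, slower as it is, remains the safer first pass against a real engine.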
Azur3Alph4
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position.
2 stars
HellsGate
Original C Implementation of the Hell's Gate VX Technique
2 stars
Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
2 stars
nt5src
Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
2 stars
OSEP-Code-Snippets
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
2 stars
RedLizard
RedLizard Rust TCP Reverse Shell Server/Client
2 stars
StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
PowerShell · 2 stars
TokenTactics
Azure JWT Token Manipulation Toolset
1 star
BarracudaDrivev6.5-LocalPrivEsc
Insecure service file permissions on the 'bd' service in Real Time Logic's BarracudaDrive v6.5 allow local attackers to escalate privileges to LocalSystem by replacing the bd.exe file and restarting the computer; the replaced binary is run as 'LocalSystem' automatically at the next startup.
1 star
cobalt_strike_extension_kit
Attempting to be an all-in-one repo for others' useful Aggressor scripts as well as things we've found useful during Red Team operations.
1 star
ElevateKit
The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
1 star
Havoc
The Havoc Framework
1 star
msspray
Password attacks and MFA validation against various endpoints in Azure and Office 365
1 star
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
1 star
Talon
(Demo) 3rd party agent for Havoc