boku7 Goto Github PK
Name: Bobby Cooke
Type: User
Company: IBM X-Force Red Adversary Simulation
Bio: Adversary Simulation @ IBM X-Force Red
Twitter: 0xBoku
Location: United States
Blog: https://0xBoku.com
Name: Bobby Cooke
Type: User
Company: IBM X-Force Red Adversary Simulation
Bio: Adversary Simulation @ IBM X-Force Red
Twitter: 0xBoku
Location: United States
Blog: https://0xBoku.com
Exploit Development files for aCal web application - reflected XSS to RCE.
Cobalt Strike UDRL for memory scanner evasion.
Azure DevOps Services Attack Toolkit
A .NET Framework 4.0 Windows Agent
Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
Splitter script to identify Anti-Virus signature of an executable
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position.
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
Insecure Service File Permissions in bd service in Real Time Logics BarracudaDrive v6.5 allows local attackers to escalate privileges to admin via replacing the bd.exe file and restarting the computer where it will be run as 'LocalSystem' on the next startup automatically.
Former attempt at creating a independent Cobalt Strike Beacon
Blog
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Cheat sheets for various projects.
Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
Situational Awareness commands implemented using Beacon Object Files
Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal
Impacket implementation of CVE-2021-1675
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
Extension functionality for the NightHawk operator client
The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
Python scripts for fuzzing FTP servers, with percision, over TCP
GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.