boku7 Goto Github PK

acal-rce

Exploit Development files for aCal web application - reflected XSS to RCE.

aceldr

Cobalt Strike UDRL for memory scanner evasion.

adokit

Azure DevOps Services Attack Toolkit

apollo

A .NET Framework 4.0 Windows Agent

ares

Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique

asmhalosgate

x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks

av_bypass-splitter

Splitter script to identify Anti-Virus signature of an executable

azur3alph4

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position.

azureoutlookc2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

barracudadrivev6.5-localprivesc

Insecure Service File Permissions in bd service in Real Time Logics BarracudaDrive v6.5 allows local attackers to escalate privileges to admin via replacing the bd.exe file and restarting the computer where it will be run as 'LocalSystem' on the next startup automatically.

beacon

Former attempt at creating a independent Cobalt Strike Beacon

bikerental-fu-rce

bofmask

boku7.github.io

Blog

bokuloader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

burp-jars

cheatsheets

Cheat sheets for various projects.

cobalt_strike_extension_kit

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

cs-situational-awareness-bof

Situational Awareness commands implemented using Beacon Object Files

cve-2020-23839

Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal

cve-2021-1675

Impacket implementation of CVE-2021-1675

darkwidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

daybird

Extension functionality for the NightHawk operator client

dll-injection-by-createremotethread

domquestpro-seh-bof

edrs

elevatekit

The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.

fuzzingftp

Python scripts for fuzzing FTP servers, with percision, over TCP

getsimple-smtpplugin-csrf2rce

GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE

graphrunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API