#Cobalt_Strike

​​amd ryzen driver exploit

Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).

https://github.com/tijme/amd-ryzen-master-driver-v17-exploit

@BlueRedTeam

#Red_Team

Inline-Execute-PE is a suite of Beacon Object Files (BOF's) and an accompanying Aggressor noscript for #Cobalt_Strike that enables Operators to load unmanaged Windows executables into Beacon memory and execute them, retrieving the output and rendering it in the Beacon console.

https://github.com/Octoberfest7/Inline-Execute-PE

@BlueRedTeam

#Red_Team

NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing RWX to X or RX or (both) [Bypassing AVs].

https://github.com/DamonMohammadbagher/NativePayload_PE1

@BlueRedTeam

#Red_Team

This tool is used for backdoor and shellcode generation for various architecture devices.

https://github.com/doudoudedi/hackEmbedded

@BlueRedTeam

#Red_Team

The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside indicate raw bytes.

This will help to bypass WAF and execute PHP reverse shell for RCE.

https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075

@BlueRedTeam

#​​Cobalt_Strike Beacon Notifier

A #?Cobalt Strike Beacon Notifier Via #Telegram #Bot.

Features:
▫️ Showing the Name of the Current User
▫️ Showing the Computer Name of the Current User
▫️ Showing the Type and Version of the Operating System
▫️ Showing the Type of the Process Exec Name
▫️ Showing the Internal IP of the System
▫️ Showing the Enternal IP of the System

https://github.com/lynxbinz/CS-Beacon-Notifier

@BlueRedTeam

#Red_Team

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table.

https://github.com/TheD1rkMtr/NTDLLReflection

@BlueRedTeam

#Red_Team

​​Red_Team_Code_Snippets

A disorganized repository of code snippets that I have found useful in getting the hang of new languages in the context of Red Team operations.

Some of this code will be referenced in other products and is retained here for ease of access.

https://github.com/0xTriboulet/Red_Team_Code_Snippets

@BlueRedTeam

#Cobalt_Strike

This repository contains a collection of tools that integrate with Cobalt Strike through Beacon Object Files (BOFs).

https://github.com/REDMED-X/OperatorsKit

@BlueRedTeam

For Advertising And Contact
@NetPwn
برای تبلیغات و تبادل و ارتباط
@netpwn

#Cobalt_Strike

This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI.

https://github.com/chvancooten/NimPlant

@BlueRedTeam

#Cobalt_Strike

Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray

https://github.com/Hagrid29/BOF-SprayAD

@BlueRedTeam

BOF - DomainPasswordSpray

A fork of SprayAD BOF. Perform LDAP-based or Kerberos-based password spray using Windows API LogonUserSSPI. Skip disabled accounts, locked accounts and large BadPwdCount (if specified).
Usage

Kerberos-based password spray

SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd

Skip users that the number of times the user tried to log on with incorrect password larger than 2

SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd --MaxBadPwdCount 2

LDAP-based password spray

SprayAD --userlist /tmp/userlist.txt --password P@ssw0rd --MaxBadPwdCount 2 --authservice ldap

Compile

cd SOURCE
make

@BlueRedTeam

#Cobalt_Strike

Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer

https://github.com/Hagrid29/BOF-RemoteRegSave

@BlueRedTeam

BOF - RemoteRegSave

A fork of RegSave BOF. Dump SAM/SYSTEM/SECURITY registry key hives on local or remote computer using RegConnectRegistryA and RegOpenKeyExA for offline parsing and hash extraction.

Usage

Dump registry key hives on local computer (admin elevation required)

RegSave --path [file path <optional>]

Dump registry key hives on remote computer (automatically enable service RemoteRegistry if disabled)

RegSave --pc remotePC --path [file path <optional>]
shell copy \\remoteSrv\C$\Windows\temp\HG029* .

Compile

cd SOURCE
make

@BlueRedTeam

#Red_Team

​​A Red-Teamer diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

https://github.com/ihebski/A-Red-Teamer-diaries

@BlueRedTeam

#webshell

A modular multi-language webshell.

https://github.com/kraken-ng/Kraken

@BlueRedTeam

#Red_Team

A very basic, single-file, #PHPshell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this noscript represents a security risk for the server.

https://github.com/flozz/p0wny-shell

@BlueRedTeam

CSharp Alternative Shellcode Callbacks

Alternative #shellcode execution techniques using Windows callback functions

Each CSharp file contains code to execute shellcode using native Windows callbacks. I tried to use much less common callback techniques that weren't typically documented online as far as I could tell. This way they should be more evasive.

https://github.com/wsummerhill/CSharp-Alt-Shellcode-Callbacks
@BlueTeamkit
@BlueRedTeam

#​​ShellGo

Simple Shellcode Loader tool.

https://github.com/BlackShell256/ShellGo

@BlueRedTeam

#shellcode

Shellcode loader, hooks detector and more written in Golang.

https://github.com/D3Ext/Hooka

@BlueRedTeam