HTTP Toolkit

Targeted interception for specific clients, rather than intercepting everything, which avoids capturing irrelevant traffic or disrupting other applications.

httptoolkit.com

PolarProxy

  • Custom TLS Redirection

One new feature in PolarProxy is the --redirect argument, which can be used to redirect TLS traffic destined for a specific domain name to a different domain. This feature can be used to redirect TLS-encrypted malware traffic going to a known C2 domain to a local HTTPS sandbox.

netresec.com/?page=PolarProxy

dns.toys

A DNS server that takes creative liberties with the DNS protocol.

github.com/knadh/dns.toys

MemFiles

Cobalt Strike toolkit to write files produced by Beacon to memory instead of disk

github.com/Octoberfest7/MemFil

BokuLoader

PoC UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features for x64 HTTP/S beacons

github.com/xforcered/BokuLoade

  • MISC peripper

Inject and dump executable code bytes from a PE file. Output `-f` (format: CSharp | Python)

github.com/daem0nc0re/TangledW

Beacon Object Files

  • BackdoorSCManager/entry.c

Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type « sc.exe sdset scmanager D:(A;;KA;;;WD) » from an elevated command prompt.

github.com/snovvcrash/BOFs

PSBits

  • Misc/BreakChain.c

Simple PoC for a process breaking its own parent-child process chain

github.com/gtworek/PSBits

Jarviz v0.2.0

JAR file analyzer. Reports metadata from a JAR, such as its manifest, manifest entries, bytecode versions, declarative services, module descriptors and more.

github.com/kordamp/jarviz

nanao

Like the sun, machines never go to bed.