HTTP Toolkit

Targeted interception for specific clients rather than intercepting everything and so avoids capturing irrelevant traffic or disrupting other applications


  • Custom TLS Redirection

One new feature in PolarProxy is the --redirect argument, which can be used to redirect TLS traffic destined for a specific domain name to a different domain. This feature can be used to redirect TLS-encrypted malware traffic going to a known C2 domain to a local HTTPS sandbox.

A DNS server that takes creative liberties with the DNS protocol.


Cobalt Strike toolkit to write files produced by Beacon to memory instead of disk


PoC UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features for x64 HTTP/S beacons

  • MISC peripper

Inject and dump executable code bytes from PE file. Output ̀-f` (format: CSharp | Python)

Beacon Object Files

  • BackdoorSCManager/entry.c

Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type « sc.exe sdset scmanager D:(A;;KA;;;WD) » from an elevated command prompt.


  • Misc/BreakChain.c

Simple PoC for self-breaking own parent-child process chain

Jarviz v0.2.0

JAR file analyzer. Metadata from a JAR such as its manifest, manifest entries, bytecode versions, declarative services, module descriptors and more

Plus anciens

Comme le soleil, les machines ne se couchent jamais.