HTTP Toolkit
Targets interception at specific clients rather than intercepting everything, and so avoids capturing irrelevant traffic or disrupting other applications.
Understanding a Payload's Life
https://attl4s.github.io/assets/pdf/Understanding_a_Payloads_Life.pdf
PolarProxy
Custom TLS Redirection
One new feature in PolarProxy is the `--redirect` argument, which can be used to redirect TLS traffic destined for a specific domain name to a different domain. This feature can be used to redirect TLS-encrypted malware traffic going to a known C2 domain to a local HTTPS sandbox.
bootlicker
UEFI bootkit used to achieve initial usermode execution
dns.toys
A DNS server that takes creative liberties with the DNS protocol.
MemFiles
Cobalt Strike toolkit to write files produced by Beacon to memory instead of disk
BokuLoader
PoC UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features for x64 HTTP/S beacons
Windows LPE via StorSvc (writable SYSTEM path DLL hijacking)
peripper
Inject and dump executable code bytes from a PE file. Output `-f` (format: CSharp | Python)
https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc#peripper
Beacon Object Files
BackdoorSCManager/entry.c
Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful to me: type « sc.exe sdset scmanager D:(A;;KA;;;WD) » from an elevated command prompt.
PSBits
Misc/BreakChain.c
Simple PoC for a process breaking its own parent-child process chain
Jarviz v0.2.0
JAR file analyzer. Extracts metadata from a JAR, such as its manifest, manifest entries, bytecode versions, declarative services, module descriptors and more
PingCastle 3.0.0.0
247365