claysec's recent timeline updates
claysec's repos on GitHub
C · 1418 watchers
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
JavaScript · 1351 watchers
Loki
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
C · 501 watchers
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
C · 467 watchers
spawn
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
C · 450 watchers
Ninja_UUID_Runner
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Python · 432 watchers
venom
Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence
C · 380 watchers
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
C · 300 watchers
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
C · 290 watchers
HOLLOW
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
C · 288 watchers
StringReaper
Reaping treasures from strings in remote processes memory
C · 240 watchers
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
C · 217 watchers
patchwerk
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
C · 186 watchers
whereami
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
Assembly · 131 watchers
winx64-InjectAllProcessesMeterpreter-Shellcode
64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
C · 109 watchers
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
C · 107 watchers
HellsGatePPID
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
JavaScript · 106 watchers
XSS-Clientside-Attacks
A repository of JavaScript XSS attacks against client browsers
C · 99 watchers
Nobelium-PdfDLRunAesShellcode
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
C · 97 watchers
xPipe
Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
Assembly · 65 watchers
x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free
Assembly · 38 watchers
x64win-AddRdpAdminShellcode
64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
Python · 25 watchers
tailorMS-rXSS-Keylogger
Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keys pressed via unauthenticated victim clicking malicious URL and typing.
Python · 21 watchers
StockManagement-XSS-Login-CredHarvester
Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.
16 watchers
OffensiveRust
Rust Weaponization for Red Team Engagements.
15 watchers
DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
Python · 14 watchers
gsSMTP-Csrf2Xss2RCE
13 watchers
SCMKit
Source Code Management Attack Toolkit
Python · 12 watchers
LibreHealth-authRCE
LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.
Python · 11 watchers
CVE-2020-23839
Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal
Python · 11 watchers
gsCMS-CustomJS-Csrf2Xss2Rce
GetSimple CMS Custom JS Plugin Exploit RCE Chain
Assembly · 11 watchers
slae64
Repo for SLAE64 Exam
HTML · 10 watchers
boku7.github.io
Blog
Python · 9 watchers
GetSimple-SmtpPlugin-CSRF2RCE
GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE
7 watchers
Ares
Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
7 watchers
beacon
Former attempt at creating a independent Cobalt Strike Beacon
Python · 7 watchers
BikeRental-FU-RCE
7 watchers
LoudSunRun
My shitty attempt at tampering with the callstack based on the work of namazso, SilentMoonWalk, and VulcanRaven
6 watchers
Apollo
A .NET Framework 4.0 Windows Agent
Python · 6 watchers
onlineCourseReg-RCE
From 0 to Remote Code Execution - exploit development files for Online Course Registration Web Application RCE
5 watchers
DayBird
Extension functionality for the NightHawk operator client
5 watchers
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
4 watchers
ADOKit
Azure DevOps Services Attack Toolkit
4 watchers
BOFMask
Python · 4 watchers
fuzzingFTP
Python scripts for fuzzing FTP servers, with percision, over TCP
Python · 4 watchers
homeRent-SQLi-RCE
House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver via sending a malicious POST request.
C · 3 watchers
AceLdr
Cobalt Strike UDRL for memory scanner evasion.
3 watchers
KernelCallbackTable-Injection
Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
XSLT · 3 watchers
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Assembly · 3 watchers
slae32
Repo for all SLAE32 Exam Assignments
Python · 2 watchers
aCal-RCE
Exploit Development files for aCal web application - reflected XSS to RCE.
Shell · 2 watchers
AV_Bypass-Splitter
Splitter script to identify Anti-Virus signature of an executable
2 watchers
Azur3Alph4
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position.
2 watchers
burp-jars
2 watchers
HellsGate
Original C Implementation of the Hell's Gate VX Technique
2 watchers
Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
2 watchers
nt5src
Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
2 watchers
RedLizard
RedLizard Rust TCP Reverse Shell Server/Client
2 watchers
StandIn
StandIn is a small .NET35/45 AD post-exploitation toolkit
PowerShell · 2 watchers
TokenTactics
Azure JWT Token Manipulation Toolset
2 watchers
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
1 watchers
BarracudaDrivev6.5-LocalPrivEsc
Insecure Service File Permissions in bd service in Real Time Logics BarracudaDrive v6.5 allows local attackers to escalate privileges to admin via replacing the bd.exe file and restarting the computer where it will be run as 'LocalSystem' on the next startup automatically.
1 watchers
CheatSheets
Cheat sheets for various projects.
1 watchers
cobalt_strike_extension_kit
Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
1 watchers
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
1 watchers
CVE-2021-1675
Impacket implementation of CVE-2021-1675
1 watchers
ElevateKit
The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
1 watchers
Havoc
The Havoc Framework
1 watchers
msspray
Password attacks and MFA validation against various endpoints in Azure and Office 365
1 watchers
OSEP-Code-Snippets
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
1 watchers
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
1 watchers
Talon
(Demo) 3rd party agent for Havoc
Python · 1 watchers
xdev-templates
Random helpful xdev templates
Python · 0 watchers
domQuestPro-SEH-BOF
0 watchers
EDRs
0 watchers
h0mbre.github.io
0 watchers
PrintNightmare
claysec

claysec

V2EX member #210570, joined on 2017-01-12 17:59:08 +08:00
Per claysec's settings, the topics list is hidden
Deals info, including closed deals, is not hidden
claysec's recent replies
去大医院看看吧。别瞎搞
@lauix 那这样的话我建议搞个一键下载的功能,然后可以优化下单个下载的时候不允许点击其他下载,我觉得这样的逻辑会好很多
我已经用 SIYuan + S3 方式进行异地备份,S3 那边考虑在开多一个异地桶进行桶和桶之间的备份
@Rooger 厉害啊,自律得这么好,我想问问的就是背英语四级常用单词这个,是每天都在地铁里面碎片化学习吗,用的是什么软件,我有用过一些软件但是我都觉得不太符合我的习惯
Sep 19, 2023
Replied to a topic by mdi0678713 问与答 大家前进的动力,都是什么?
@coderluan
@xuzb0312 太真实了。我现在每天都是这样
About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   3430 Online   Highest 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 21ms · UTC 00:37 · PVG 08:37 · LAX 17:37 · JFK 20:37
♥ Do have faith in what you're doing.