C2-Tool-Collection
Windows exploit tools
Tools for exploiting vulnerabilities in Windows systems and gathering information about networked computers.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
1k stars
19 watching
195 forks
Language: C
last commit: about 1 year ago
Linked from 1 awesome list
uhub/awesome-cRelated projects:
| Repository | Description | Stars |
|---|---|---|
| outflanknl/inlinewhispers | Tool to generate inline assembly code for direct system calls in COBalt Strike's Beacon Object Files (BOF) | 308 |
 pyroxenites/boftools | A collection of tools and techniques for exploiting vulnerabilities in software applications. | 17 |
| outflanknl/spray-ad | Automates an Active Directory password spraying attack to identify weak or guessable passwords | 425 |
 matterpreter/offensivecsharp | A collection of C# tooling and POCs for operating system exploitation and vulnerability assessment. | 1,381 |
| outflanknl/findobjects-bof | An exploit tool that uses direct system calls to enumerate processes based on specific loaded modules or process handles | 266 |
| outflanknl/wdtoggle | A tool to enable WDigest credential caching using direct system calls in Cobalt Strike | 213 |
 espressocake/firewall_walker_bof | An exploit technique allowing interaction with Windows software firewall via COM interfaces. | 100 |
 enkomio/alanframework | A post-exploitation framework that enables red-team activities by providing a set of tools for infiltrating and controlling systems remotely. | 462 |
 octoberfest7/cve-2023-36874_bof | An exploit tool for a Windows vulnerability allowing an attacker to run arbitrary code as SYSTEM on Windows 10 and Windows 11 | 201 |
| outflanknl/invoke-adlabdeployer | Automates deployment of Windows and Active Directory test lab networks. | 479 |
| outflanknl/helpcolor | Lists available Cobalt Strike beacon commands and colors them based on their type | 189 |
| outflanknl/sharphide | Creates hidden registry keys to persist data despite DFIR investigation | 465 |
 bluscreenofjeff/aggressorscripts | A collection of Cobalt Strike scripts designed to facilitate red teaming and exploitation | 787 |
 rkervella/carbonmonoxide | A toolkit for evading endpoint detection and response (EDR) by combining techniques to spoof system properties and inject malicious code. | 23 |
 wkl-sec/hiddendesktop | An implementation of HVNC for Cobalt Strike, allowing operators to interact with remote desktop sessions without user knowledge. | 1,163 |