Bobby Cooke
Bobby Cooke
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Micro...
BokuLoader
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
HellsGatePPID
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
HOLLOW
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
Ninja_UUID_Runner
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Nobelium-PdfDLRunAesShellcode
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn