CodeX's Projects
Cobalt Strike UDRL for memory scanner evasion.
forked for safekeeping
Probably the easiest way to set up new beacon notifications in Cobalt Strike
Quick Python utility I wrote to turn HTTP requests from Burp Suite into Cobalt Strike Malleable C2 profiles
This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built-in Sleep() call. Most of the structure (e.g. Sleep hook, shellcode exec, etc.) is taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.
Aggressor script that turns the headless aggressor client into a (mostly) functional Cobalt Strike client.
Just a git repo for the sleepmask detection rule I found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Misc utils I made here and there, collected in one place
A novel technique to communicate between threads using the standard ETHREAD structure
Dynamically Loads Assembly and Calls Methods from JScript
Sleep Obfuscation
Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
A sample client/server architecture
Pops a shell on a goautodial server
A simple ExternalC2 PoC for Havoc C2. Communicates over Notion using a custom Python agent, handler and extc2 channel. Not operationally safe or stable; built as a PoC to showcase Havoc C2's modular C2 channel interface.
Improved version of the james server RCE. Spawns a reverse shell that can bypass rbash ;)
My collection of malware dev links
My bashrc file
Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with an accompanying blog post as a tutorial sample.
A barebones template of 'rogue' aka a simple recon and agent deployment I built to communicate over ICMP. Well, without the ICMP code.
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
Light and more OPSEC-friendly way for red teamers to gain quick situational awareness of both the host and the user.
Adversary Emulation Framework
Titan: A generic user defined reflective DLL for Cobalt Strike