yauv (@yauvme) 's Twitter Profile
yauv

@yauvme

just for fun

ID: 1592346311436558336

15-11-2022 02:42:48

1,1K Tweet

66 Followers

1,1K Following

Bad Sector Labs (@badsectorlabs) 's Twitter Profile Photo

Cobalt Strike for free!? Adaptix C2 (HackerRalf) is the best open source C2 I've used since Havoc (5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role: github.com/badsectorlabs/…

Steve S. (@0xtriboulet) 's Twitter Profile Photo

rssh-rs is a reflective DLL that performs some hacky integration with your favorite C2 Framework to provide SSH session access from a Beacon session. github.com/0xTriboulet/rs…

Panos Gkatziroulis 🦄 (@netbiosx) 's Twitter Profile Photo

Explore various techniques for remote code execution and thread manipulation on Windows, originating from the CONTEXT struct - github.com/Friends-Securi…

ö (@r0keb) 's Twitter Profile Photo

Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it! r0keb.github.io/posts/Bypassin…

Octoberfest7 (@octoberfest73) 's Twitter Profile Photo

UDRL + Sleepmask is pretty powerful. You can extend Cobalt Strike's BeaconGate functionality to any API you want, no longer limiting you to the officially supported set of API's. Attached example shows proxying HttpOpenRequestA through BeaconGate

HackerRalf (@hacker_ralf) 's Twitter Profile Photo

AdaptixC2 v0.6 is out

github.com/Adaptix-Framew…

* Updated agent console with flexible settings
* Notifications in Telegram
* OTP for file and command synchronization
* New Dracula theme
* Update to Golang 1.24.4

Full update information: adaptix-framework.gitbook.io/adaptix-framew…
CICADA8Research (@cicada8research) 's Twitter Profile Photo

Read our new article about privilege escalation via SymLinks! You will learn how to abuse arbitrary deletion, copying, overwriting, we will show you a couple of tricks and teach you a new interesting way to bypass UAC :) cicada-8.medium.com/were-going-the…

Outflank (@outflanknl) 's Twitter Profile Photo

BOFs are powerful, but error-prone! We dropped a post and new BOF linting tool to catch bugs early, and to prevent crashing implants. This will speed up your Beacon Object File dev workflow. If you're building custom C2 payloads, it's a must-read. 🔍 📖 outflank.nl/blog/2025/06/3…

Wietze (@wietze) 's Twitter Profile Photo

🆕 Recent additions to LOLBAS-Project.github.io:

• shell32.dll,#44 for DLL execution
• PhotoViewer.dll for INetCache download
• winget.exe for AWL Bypass
• mmc.exe for download (via GUI)
• cipher.exe for anti-forensics

➕: the #LOLBAS project now supports dark mode 😎
SEKTOR7 Institute (@sektor7net) 's Twitter Profile Photo

An increased visibility into threads' call stacks helps with more reliable malware detection. The approach is based on ETW telemetry and module's Export Directory data for information enrichment. A post by John Uhlmann of Elastic Security Labs. Great read! #redteam #blueteam #maldev

Max dcb (@max2cbx) 's Twitter Profile Photo

🧪 New technique: DreamWalkers A reflective shellcode loader that crafts a synthetic, clean call stack. Achieving stealthy execution from memory-mapped modules. 🔗 maxdcb.github.io/DreamWalkers/ #MalwareResearch #RedTeam #WindowsInternals #OffSec

SEKTOR7 Institute (@sektor7net) 's Twitter Profile Photo

VEH² technique to bypass ETW-based detection. Hardware breakpoints abuse can be detected with Microsoft-Windows-Kernel-Audit-API-Calls provider by looking into NtSetContextThread() calls. VEH² uses two vector exception handlers to change the thread's context without calling

MatheuZ (@matheuzsecurity) 's Twitter Profile Photo

I just published a new post on Red Team Tactics: Evading EDR on Linux with io_uring, and also shared the RingReaper project I used for the POC. RingReaper: github.com/MatheuZSecurit… Article: matheuzsecurity.github.io/hacking/evadin… #malware #c2 #io_uring #redteam

5pider (@c5pider) 's Twitter Profile Photo

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

SEKTOR7 Institute (@sektor7net) 's Twitter Profile Photo

A new life of reflective DLLs - fixing call stacks. Registering a proper unwinding information from .pdata section with RtlAddFunctionTable() helps fixing the call stack of a function called from within reflective DLL. Example implementation called DreamWalkers and other

Tijme Gommers (@tijme) 's Twitter Profile Photo

Exciting times. I'm publishing Dittobytes today after presenting it at OrangeCon ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobyt…

Panos Gkatziroulis 🦄 (@netbiosx) 's Twitter Profile Photo

Hydrangea C2 - A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g, you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability in mind. github.com/captain-woof/H…