GUIDproject_tag_detection.csv
1035 lines (1035 loc) · 505 KB
1
keywordmetadata_keyword_regexmetadata_keyword_typemetadata_toolmetadata_descriptionmetadata_tool_techniquesmetadata_tool_tacticsmetadata_malwares_namemetadata_groups_namemetadata_categorymetadata_linkmetadata_enable_endpoint_detectionmetadata_enable_proxy_detectionmetadata_tagsmetadata_commentmetadata_severity_scoremetadata_popularity_scoremetadata_github_starsmetadata_github_forksmetadata_github_updated_atmetadata_github_created_atmetadata_entry_id
2
*00630066-0B43-474E-A93B-417CF1A65195*.{0,1000}00630066\-0B43\-474E\-A93B\-417CF1A65195.{0,1000}offensive_tool_keywordimpersonateA windows token impersonation toolT1134 - T1550TA0004 - TA0003N/AN/ALateral Movementhttps://github.com/sensepost/impersonate10#GUIDprojectN/A104301382023-04-19T12:53:50Z2022-10-28T06:30:02Z20660
3
*00B41CF0-7AE9-4542-9970-77B312412535*.{0,1000}00B41CF0\-7AE9\-4542\-9970\-77B312412535.{0,1000}greyware_tool_keywordSoftEtherVPNCross-platform multi-protocol VPN software abused by attackersT1133 - T1210 - T1573 - T1219 - T1571TA0001 - TA0002 - TA0003 - TA0005 - TA0010N/AGALLIUMDefense Evasionhttps://github.com/SoftEtherVPN/SoftEtherVPN10#GUIDproject #VPNN/A8101218326472025-04-13T22:05:51Z2014-01-02T12:40:57Z20683
4
*00D7268A-92A9-4CD4-ADDF-175E9BF16AE0*.{0,1000}00D7268A\-92A9\-4CD4\-ADDF\-175E9BF16AE0.{0,1000}offensive_tool_keywordr77-rootkitFileless ring 3 rootkit with installer and persistence that hides processes, files, network connectionsT1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009TA0005 - TA0003N/AN/APersistencehttps://github.com/bytecode77/r77-rootkit10#GUIDprojectN/A101018844252025-03-25T17:59:20Z2017-12-17T13:04:14Z20696
5
*015A37FC-53D0-499B-BFFE-AB88C5086040*.{0,1000}015A37FC\-53D0\-499B\-BFFE\-AB88C5086040.{0,1000}offensive_tool_keywordDecryptAutoLogonCommand line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogonT1003.001 - T1555.003 - T1003.006TA0006N/AN/ACredential Accesshttps://github.com/securesean/DecryptAutoLogon10#GUIDprojectN/A103218322020-12-05T16:14:28Z2020-12-03T20:38:59Z20722
6
*01871B2B-B006-4069-997D-BAB3EB216160*.{0,1000}01871B2B\-B006\-4069\-997D\-BAB3EB216160.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z20737
7
*018BD6D4-9019-42FD-8D3A-831B23B47CB2*.{0,1000}018BD6D4\-9019\-42FD\-8D3A\-831B23B47CB2.{0,1000}offensive_tool_keywordROADtokenAbusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure ADT1557 - T1078 - T1071.001 - T1552.001TA0006 N/AN/ACredential Accesshttps://github.com/dirkjanm/ROADtoken10#GUIDprojectN/A7189172020-09-30T16:18:47Z2020-07-21T12:42:14Z20740
8
*01C142BA-7AF1-48D6-B185-81147A2F7DB7*.{0,1000}01C142BA\-7AF1\-48D6\-B185\-81147A2F7DB7.{0,1000}offensive_tool_keywordStandInStandIn is a small .NET35/45 AD post-exploitation toolkitT1087 - T1069 - T1558 - T1204 - T1136 - T1482TA0007 - TA0003 - TA0006 - TA0004N/AN/ADiscoveryhttps://github.com/FuzzySecurity/StandIn10#GUIDprojectN/A987611292023-12-02T21:20:09Z2020-11-05T22:49:27Z20754
9
*0228336A-2F4C-0D17-2E11-86654A1FAD8D*.{0,1000}0228336A\-2F4C\-0D17\-2E11\-86654A1FAD8D.{0,1000}offensive_tool_keywordgh0stMalware RAT with keylogger - dll injection - C2 - Remote controlT1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011GhostRATN/AMalwarehttps://github.com/sin5678/gh0st10#GUIDProjectN/A1065082742013-05-08T21:17:26Z2012-10-05T06:25:36Z20783
10
*022E5A85-D732-4C5D-8CAD-A367139068D8*.{0,1000}022E5A85\-D732\-4C5D\-8CAD\-A367139068D8.{0,1000}offensive_tool_keywordKruegerremotely killing EDR with WDACT1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027TA0005 - TA0040N/AN/ADefense Evasionhttps://github.com/logangoins/Krueger10#GUIDprojectN/A94353422025-01-06T06:57:14Z2024-11-15T20:11:01Z20784
11
*023B2DB0-6DA4-4F0D-988B-4D9BF522DA37*.{0,1000}023B2DB0\-6DA4\-4F0D\-988B\-4D9BF522DA37.{0,1000}offensive_tool_keywordC3Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.T1071 - T1102 - T1090 - T1573 - T1048TA0011 - TA0002 - TA0005 - TA0010N/AN/AC2https://github.com/WithSecureLabs/C310#GUIDprojectN/A91016022762023-03-04T20:32:13Z2019-08-30T11:21:04Z20788
12
*025280A3-24F7-4C55-9B5E-D08124A52546*.{0,1000}025280A3\-24F7\-4C55\-9B5E\-D08124A52546.{0,1000}offensive_tool_keywordSharpThiefA one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimateT1036 - T1070 - T1078 - T1027 - T1202TA0005 - TA0002 - TA0001N/AN/ADefense Evasionhttps://github.com/INotGreen/SharpThief10#GUIDprojectN/A84372372024-12-17T05:46:39Z2024-03-05T05:34:50Z20794
13
*027FAC75-3FDB-4044-8DD0-BC297BD4C461*.{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}offensive_tool_keywordNetRipperNetRipper - Smart traffic sniffing for penetration testersT1173 - T1557 - T1573.001 - T1056.001TA0009 - TA0010N/AN/ASniffing & Spoofinghttps://github.com/NytroRST/NetRipper10#GUIDprojectN/A101013683182022-06-17T21:08:54Z2015-07-14T20:31:04Z20817
14
*027FAC75-3FDB-4044-8DD0-BC297BD4C461*.{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}offensive_tool_keywordNetRipperNetRipper - Smart traffic sniffing for penetration testersT1173 - T1557 - T1573.001 - T1056.001TA0009 - TA0010N/AN/ASniffing & Spoofinghttps://github.com/NytroRST/NetRipper10#GUIDprojectN/A101013683182022-06-17T21:08:54Z2015-07-14T20:31:04Z20818
15
*027FAC75-3FDB-4044-8DD0-BC297BD4C461*.{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}offensive_tool_keywordNetRipperNetRipper - Smart traffic sniffing for penetration testersT1173 - T1557 - T1573.001 - T1056.001TA0009 - TA0010N/AN/ASniffing & Spoofinghttps://github.com/NytroRST/NetRipper10#GUIDprojectN/A101013683182022-06-17T21:08:54Z2015-07-14T20:31:04Z20819
16
*027FAC75-3FDB-4044-8DD0-BC297BD4C461*.{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}offensive_tool_keywordNetRipperNetRipper - Smart traffic sniffing for penetration testersT1173 - T1557 - T1573.001 - T1056.001TA0009 - TA0010N/AN/ASniffing & Spoofinghttps://github.com/NytroRST/NetRipper10#GUIDprojectN/A101013683182022-06-17T21:08:54Z2015-07-14T20:31:04Z20820
17
*027FAC75-3FDB-4044-8DD0-BC297BD4C461*.{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}offensive_tool_keywordNetRipperNetRipper - Smart traffic sniffing for penetration testersT1173 - T1557 - T1573.001 - T1056.001TA0009 - TA0010N/AN/ASniffing & Spoofinghttps://github.com/NytroRST/NetRipper10#GUIDprojectN/A101013683182022-06-17T21:08:54Z2015-07-14T20:31:04Z20821
18
*0286bd5f-1a56-4251-8758-adb0338d4e98*.{0,1000}0286bd5f\-1a56\-4251\-8758\-adb0338d4e98.{0,1000}offensive_tool_keywordShimMeInjects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070TA0004 - TA0005 - TA0006 - TA0009N/AN/APrivilege Escalationhttps://github.com/deepinstinct/ShimMe10#GUIDprojectN/A92140202024-10-29T07:33:38Z2024-08-04T10:03:28Z20824
19
*02948DD6-47BD-4C82-9B4B-78931DB23B8A*.{0,1000}02948DD6\-47BD\-4C82\-9B4B\-78931DB23B8A.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z20826
20
*02EF15C0-BA19-4115-BB7F-F5B04F7087FE*.{0,1000}02EF15C0\-BA19\-4115\-BB7F\-F5B04F7087FE.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z20848
21
*02FAF312-BF2A-466B-8AD2-1339A31C303B*.{0,1000}02FAF312\-BF2A\-466B\-8AD2\-1339A31C303B.{0,1000}offensive_tool_keywordclickjackautomate abuse of clickonce applicationsT1210 - T1204 - T1071.001TA0001 - TA0002 - TA0005N/AN/APhishinghttps://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20861
22
*034B1C28-96B9-486A-B238-9C651EAA32CA*.{0,1000}034B1C28\-96B9\-486A\-B238\-9C651EAA32CA.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z20886
23
*03652836-898E-4A9F-B781-B7D86E750F60*.{0,1000}03652836\-898E\-4A9F\-B781\-B7D86E750F60.{0,1000}offensive_tool_keywordSharpSCCMSharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUIT1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003TA0008 - TA0006 - TA0003 - TA0011N/AN/ALateral Movementhttps://github.com/Mayyhem/SharpSCCM/10#GUIDprojectN/A107626942024-09-16T14:57:49Z2021-08-19T05:09:19Z20891
24
*03A09084-0576-45C5-97CA-B83B1A8688B8*.{0,1000}03A09084\-0576\-45C5\-97CA\-B83B1A8688B8.{0,1000}greyware_tool_keywordmeshcentralMeshCentral is a full computer management web site - abused by attackersT1021 - T1071 - T1090TA0003 - TA0008 - TA0011N/AN/ARMMhttps://github.com/Ylianst/MeshAgent10#GUIDprojectN/A103264962025-03-19T18:43:56Z2017-10-12T21:26:52Z20911
25
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20952
26
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20953
27
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20954
28
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20955
29
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20956
30
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20957
31
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20958
32
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20959
33
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20960
34
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20961
35
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20962
36
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20963
37
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20964
38
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20965
39
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20966
40
*042BF22B-7728-486B-B8C9-D5B91733C46D*.{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}offensive_tool_keywordTsunamianother C2 frameworkT1573 - T1027 - T1059 - T1071 TA0011 - TA0009 - TA0003 - TA0007 - TA0008N/AN/AC2https://github.com/trustedsec/The_Shelf10#GUIDprojectN/A103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z20967
41
*043EE329-C00A-4F67-971F-BF1C55D4BC1A*.{0,1000}043EE329\-C00A\-4F67\-971F\-BF1C55D4BC1A.{0,1000}offensive_tool_keywordMalware RAT collectionfrom Malware RAT samplesT1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007N/AN/AMalwarehttps://github.com/x-cod3r/Remote-administration-tools-archive10#GUIDprojectN/A9193302023-10-03T15:08:22Z2023-10-03T13:09:00Z20975
42
*0472A393-9503-491D-B6DA-FA47CD567EDE*.{0,1000}0472A393\-9503\-491D\-B6DA\-FA47CD567EDE.{0,1000}offensive_tool_keywordntdlll-unhooking-collectionunhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002TA0005N/AN/ADefense Evasionhttps://github.com/TheD1rkMtr/ntdlll-unhooking-collection10#GUIDprojectN/A92188382023-08-02T02:26:33Z2023-02-07T16:54:15Z20990
43
*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*.{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}offensive_tool_keywordEDRSandBlastEDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detectionsT1547.002 - T1055.001 - T1205TA0004 - TA0005N/ACOZY BEARDefense Evasionhttps://github.com/wavestone-cdt/EDRSandblast10#GUIDprojectN/A101016332922024-08-30T20:30:31Z2021-11-02T15:02:42Z21012
44
*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*.{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}offensive_tool_keywordEDRSandblast-GodFaultIntegrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.T1547.002 - T1055.001 - T1205TA0004 - TA0005N/ACOZY BEARDefense Evasionhttps://github.com/gabriellandau/EDRSandblast-GodFault10#GUIDprojectN/A103260482023-08-28T18:14:20Z2023-06-01T19:32:09Z21013
45
*04FC654C-D89A-44F9-9E34-6D95CE152E9D*.{0,1000}04FC654C\-D89A\-44F9\-9E34\-6D95CE152E9D.{0,1000}offensive_tool_keywordPrivFuKernel mode WinDbg extension and PoCs for token privilege investigation.T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001TA0007 - TA0008 - TA0002 - TA0004N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu10#GUIDprojectN/A1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z21020
46
*0527a14f-1591-4d94-943e-d6d784a50549*.{0,1000}0527a14f\-1591\-4d94\-943e\-d6d784a50549.{0,1000}offensive_tool_keywordBadPotatoWindows Privilege Escalation Exploit BadPotatoT1134.001 - T1068 - T1055 - T1546.015TA0004 - TA0006 - TA0011Ghost RansomwareEarth LuscaPrivilege Escalationhttps://github.com/BeichenDream/BadPotato10#GUIDprojectN/A1098361362020-05-10T15:42:21Z2020-05-10T10:01:20Z21039
47
*052C26C0-7979-4555-89CE-34C5CE8D8B34*.{0,1000}052C26C0\-7979\-4555\-89CE\-34C5CE8D8B34.{0,1000}offensive_tool_keywordRevengeRAT-Stub-CssharpRevengeRAT - AsyncRAT Simple RATT1219 - T1055 - T1569.002 - T1035 - T1071 - T1105TA0005 - TA0042 - TA0011N/ATA2541 - APT-C-36C2https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp10#GUIDprojectN/A101092392020-03-02T11:34:36Z2019-09-15T09:39:07Z21040
48
*055BC73F-FCAE-4361-B035-2E156A101EA9*.{0,1000}055BC73F\-FCAE\-4361\-B035\-2E156A101EA9.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z21048
49
*05B4EB7F-3D59-4E6A-A7BC-7C1241578CA7*.{0,1000}05B4EB7F\-3D59\-4E6A\-A7BC\-7C1241578CA7.{0,1000}offensive_tool_keywordCronos-RootkitCronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.T1055 - T1078 - T1134 - T1562.001TA0001 - TA0003 - TA0004 - TA0005N/AN/APersistencehttps://github.com/XaFF-XaFF/Cronos-Rootkit10#GUIDprojectN/AN/A98991862022-03-29T08:26:03Z2021-08-25T08:54:45Z21069
50
*06AF1D64-F2FC-4767-8794-7313C7BB0A40*.{0,1000}06AF1D64\-F2FC\-4767\-8794\-7313C7BB0A40.{0,1000}offensive_tool_keywordr77-rootkitFileless ring 3 rootkit with installer and persistence that hides processes, files, network connectionsT1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009TA0005 - TA0003N/AN/APersistencehttps://github.com/bytecode77/r77-rootkit10#GUIDprojectN/A101018844252025-03-25T17:59:20Z2017-12-17T13:04:14Z21127
51
*06B2AE2B-7FD3-4C36-B825-1594752B1D7B*.{0,1000}06B2AE2B\-7FD3\-4C36\-B825\-1594752B1D7B.{0,1000}offensive_tool_keywordCable*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*T1087 - T1016 - T1059 - T1482 - T1078TA0007 - TA0002 - TA0003 - TA0005N/AN/ADiscoveryhttps://github.com/logangoins/Cable10#GUIDprojectN/A74361402025-04-09T01:12:47Z2024-08-10T19:47:08Z21128
52
*06B2B14A-CE87-41C0-A77A-2644FE3231C7*.{0,1000}06B2B14A\-CE87\-41C0\-A77A\-2644FE3231C7.{0,1000}offensive_tool_keywordxeno-ratXeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much moreT1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011N/AN/AC2https://github.com/moom825/xeno-rat10#GUIDprojectN/A101012253232024-03-05T06:22:36Z2023-10-17T06:41:56Z21129
53
*07628592-5A22-4C0A-9330-6C90BD7A94B6*.{0,1000}07628592\-5A22\-4C0A\-9330\-6C90BD7A94B6.{0,1000}offensive_tool_keywordLocalAdminSharp.NET executable to use when dealing with privilege escalation on Windows to gain local administrator accessT1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004TA0004N/AN/APrivilege Escalationhttps://github.com/notdodo/LocalAdminSharp10#GUIDprojectN/A102157172022-11-01T17:45:43Z2022-01-01T10:35:09Z21183
54
*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*.{0,1000}07DFC5AA\-5B1F\-4CCC\-A3D3\-816ECCBB6CB6.{0,1000}offensive_tool_keywordSharpBlackoutTerminate AV/EDR leveraging BYOVD attackT1562.001 - T1050.005TA0005 - TA0003N/AN/ADefense Evasionhttps://github.com/dmcxblue/SharpBlackout10#GUIDprojectN/A10183202025-03-21T16:33:42Z2023-08-23T14:16:40Z21217
55
*07EF7652-1C2D-478B-BB4B-F9560695A387*.{0,1000}07EF7652\-1C2D\-478B\-BB4B\-F9560695A387.{0,1000}offensive_tool_keywordUACMEDefeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.T1548 - T1547 - T1218TA0002 - TA0005 - TA0004N/AEvilnumDefense Evasionhttps://github.com/hfiref0x/UACME10#GUIDprojectN/A1010671113482025-03-09T03:33:26Z2015-03-28T12:04:33Z21224
56
*080A880D-BA94-4CF8-9015-5B2063073E02*.{0,1000}080A880D\-BA94\-4CF8\-9015\-5B2063073E02.{0,1000}offensive_tool_keywordmetasploitMetasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040N/AFANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common RavenFrameworkhttps://github.com/rapid7/metasploit-omnibus10#GUIDprojectN/A1032682132025-04-18T13:17:56Z2015-02-26T18:42:09Z21234
57
*0845B3E9-B6AE-4227-B484-CECBC2EB1C87*.{0,1000}0845B3E9\-B6AE\-4227\-B484\-CECBC2EB1C87.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z21258
58
*089CA7D6-3277-4998-86AF-F6413290A442*.{0,1000}089CA7D6\-3277\-4998\-86AF\-F6413290A442.{0,1000}offensive_tool_keyworddefender-controlAn open-source windows defender manager. Now you can disable windows defender permanentlyT1562.001 - T1562.004 - T1089TA0005 - TA0002N/ALockBitDefense Evasionhttps://github.com/pgkt04/defender-control10#GUIDprojectN/A101016141282023-09-09T14:57:56Z2021-05-15T10:09:17Z21282
59
*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*.{0,1000}08AEC00F\-42ED\-4E62\-AE8D\-0BFCE30A3F57.{0,1000}offensive_tool_keywordWDExtractExtract Windows Defender database from vdm files and unpack itT1059 - T1005 - T1119TA0002 - TA0009 - TA0003N/AN/ADefense Evasionhttps://github.com/hfiref0x/WDExtract/10#GUIDprojectN/A85440612020-02-10T06:53:43Z2019-04-19T17:33:48Z21287
60
*08DBC2BF-E9F3-4AE4-B0CC-6E9C8767982D*.{0,1000}08DBC2BF\-E9F3\-4AE4\-B0CC\-6E9C8767982D.{0,1000}offensive_tool_keywordOSEP-Code-Snippetsnotable code snippets for Offensive Security's PEN-300 (OSEP) courseT1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004N/AN/AExploitation toolhttps://github.com/chvancooten/OSEP-Code-Snippets10#GUIDprojectN/A81012544442024-01-04T15:17:17Z2021-03-10T21:34:41Z21299
61
*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*.{0,1000}09323E4D\-BE0F\-452A\-9CA8\-B07D2CFA9804.{0,1000}offensive_tool_keywordCOM-HunterCOM-hunter is a COM Hijacking persistnce tool written in C#T1122 - T1055.012TA0003 - TA0005N/AN/APersistencehttps://github.com/nickvourd/COM-Hunter10#GUIDprojectN/A103289482025-03-11T04:49:55Z2022-05-26T19:34:59Z21323
62
*0971A047-A45A-43F4-B7D8-16AC1114B524*.{0,1000}0971A047\-A45A\-43F4\-B7D8\-16AC1114B524.{0,1000}offensive_tool_keywordBackupOperatorToDAFrom an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain ControllerT1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003TA0005 - TA0001 - TA0003N/AN/APrivilege Escalationhttps://github.com/mpgn/BackupOperatorToDA10#GUIDprojectN/A105421532025-01-04T14:16:46Z2022-02-15T20:51:46Z21341
63
*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*.{0,1000}0A1C2C46\-33F7\-4D4C\-B8C6\-1FC9B116A6DF.{0,1000}offensive_tool_keywordDllNotificationInjectionA POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.T1055.011 - T1055.001TA0005 - TA0002N/AN/ADefense Evasionhttps://github.com/ShorSec/DllNotificationInjection10#GUIDprojectN/A1012332023-08-23T13:50:27Z2023-12-01T12:47:43Z21390
64
*0A2B3F8A-EDC2-48B5-A5FC-DE2AC57C8990*.{0,1000}0A2B3F8A\-EDC2\-48B5\-A5FC\-DE2AC57C8990.{0,1000}offensive_tool_keywordEventCleanererase specified records from Windows event logsT1070.001TA0005N/AN/ADefense Evasionhttps://github.com/QAX-A-Team/EventCleaner10#GUIDprojectN/A1065991482018-09-07T11:02:01Z2018-07-27T07:37:32Z21393
65
*0A78E156-D03F-4667-B70E-4E9B4AA1D491*.{0,1000}0A78E156\-D03F\-4667\-B70E\-4E9B4AA1D491.{0,1000}offensive_tool_keywordPrivFuPoCs for sensitive token privileges such SeDebugPrivilegeT1068 - T1134 - T1134.001 - T1078 - T1059TA0004 - TA0009 - TA0003N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu10#GUIDprojectPrivilegedOperations1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z21409
66
*0ABB9F2A-6913-4174-9431-851F9D3E94B4*.{0,1000}0ABB9F2A\-6913\-4174\-9431\-851F9D3E94B4.{0,1000}offensive_tool_keywordRPC-BackdoorA basic emulation of an "RPC Backdoor"T1071.004TA0011N/AN/AC2https://github.com/eladshamir/RPC-Backdoor10#GUIDprojectN/A1010240452022-08-25T14:37:41Z2022-08-16T13:12:05Z21422
67
*0ADFD1F0-7C15-4A22-87B4-F67E046ECD96*.{0,1000}0ADFD1F0\-7C15\-4A22\-87B4\-F67E046ECD96.{0,1000}offensive_tool_keywordTokenPlayerManipulating and Abusing Windows Access TokensT1134 - T1484 - T1055 - T1078TA0004 - TA0005 - TA0006N/AN/APrivilege Escalationhttps://github.com/S1ckB0y1337/TokenPlayer10#GUIDprojectN/A103274452021-01-15T16:07:47Z2020-08-20T23:05:49Z21433
68
*0B6D8B01-861E-4CAF-B1C9-6670884381DB*.{0,1000}0B6D8B01\-861E\-4CAF\-B1C9\-6670884381DB.{0,1000}offensive_tool_keywordopenbulletThe OpenBullet web testing application.T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001TA0005 - TA0001N/AN/AVulnerability Scannerhttps://github.com/openbullet/openbullet10#GUIDprojectN/A101015696972024-09-02T12:18:29Z2019-03-26T09:06:32Z21468
69
*0BD5DE6B-8DA5-4CF1-AE53-A265010F52AA*.{0,1000}0BD5DE6B\-8DA5\-4CF1\-AE53\-A265010F52AA.{0,1000}offensive_tool_keywordmimikatzmimikatz GUID projectT1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003TA0004 - TA0006 - TA0003 - TA0008 - TA0009N/ABlack Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - SphinxCredential Accesshttps://github.com/gentilkiwi/mimikatz10#GUIDprojectN/A10102009438542024-07-05T17:42:58Z2014-04-06T18:30:02Z21500
70
*0C117EE5-2A21-496D-AF31-8CC7F0CAAA86*.{0,1000}0C117EE5\-2A21\-496D\-AF31\-8CC7F0CAAA86.{0,1000}offensive_tool_keywordUnstoppableServicea Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interfaceT1543.003 - T1564.001 - T1490TA0003 - TA0005N/AN/APersistencehttps://github.com/malcomvetter/UnstoppableService10#GUIDProjectN/A5166152019-01-19T22:38:18Z2018-08-07T22:11:22Z21514
71
*0C3EB2F7-92BA-4895-99FC-7098A16FFE8C*.{0,1000}0C3EB2F7\-92BA\-4895\-99FC\-7098A16FFE8C.{0,1000}offensive_tool_keywordKeeFarceExtracts passwords from a KeePass 2.x database directly from memoryT1003 - T1055 - T1059TA0006 N/AN/ACredential Accesshttps://github.com/denandz/KeeFarce10#GUIDprojectN/A101010091322015-11-17T04:12:25Z2015-10-27T05:29:04Z21532
72
*0C81C7D4-736A-4876-A36E-15E5B2EF5117*.{0,1000}0C81C7D4\-736A\-4876\-A36E\-15E5B2EF5117.{0,1000}offensive_tool_keywordChromeKatzDump cookies directly from Chrome process memoryT1555.003 - T1003TA0006 - TA0009N/AN/ACredential Accesshttps://github.com/Meckazin/ChromeKatz10#GUIDprojectN/A101011711152024-11-26T12:53:22Z2023-12-07T22:27:06Z21552
73
*0C89EC7D-AC60-4591-8F6B-CB5F20EC0D8D*.{0,1000}0C89EC7D\-AC60\-4591\-8F6B\-CB5F20EC0D8D.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z21553
74
*0C8F49D8-BD68-420A-907D-031B83737C50*.{0,1000}0C8F49D8\-BD68\-420A\-907D\-031B83737C50.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z21555
75
*0CC923FB-E1FD-456B-9FE4-9EBA5A3DC2FC*.{0,1000}0CC923FB\-E1FD\-456B\-9FE4\-9EBA5A3DC2FC.{0,1000}offensive_tool_keywordPrivFuArtsOfGetSystem privesc toolsT1134 - T1134.001 - T1078 - T1059 - T1075TA0004N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu/10#GUIDprojectArtsOfGetSystem1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z21574
*0CD16C7B-2A65-44E5-AB74-843BD23241D3*.{0,1000}0CD16C7B\-2A65\-44E5\-AB74\-843BD23241D3.{0,1000}offensive_tool_keywordPrintNightmarePrintNightmare exploitationT1210 - T1059.001 - T1548.002TA0001 - TA0002 - TA0004N/ADispossessorPrivilege Escalationhttps://github.com/outflanknl/PrintNightmare10#GUIDprojectN/A104337672021-09-13T08:45:26Z2021-09-13T08:44:02Z21577
*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*.{0,1000}0D17A4B4\-A7C4\-49C0\-99E3\-B856F9F3B271.{0,1000}offensive_tool_keywordmhydeathAbusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.T1562.001TA0040 - TA0005N/ABlack BastaDefense Evasionhttps://github.com/zer0condition/mhydeath10#GUIDprojectN/A104397712023-08-22T08:01:04Z2023-08-22T07:15:36Z21603
*0DD419E5-D7B3-4360-874E-5838A7519355*.{0,1000}0DD419E5\-D7B3\-4360\-874E\-5838A7519355.{0,1000}offensive_tool_keywordCheeseToolstools for Lateral Movement/Code ExecutionT1021.006 - T1059.003 - T1105TA0008 - TA0002N/AN/ALateral Movementhttps://github.com/klezVirus/CheeseTools10#GUIDprojectN/A1087061432021-08-17T20:22:56Z2020-08-24T01:28:12Z21660
*0DE8DA5D-061D-4649-8A56-48729CF1F789*.{0,1000}0DE8DA5D\-061D\-4649\-8A56\-48729CF1F789.{0,1000}offensive_tool_keywordAsyncRAT-C-SharpOpen-Source Remote Administration Tool For Windows C# (RAT)T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009N/ATA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558C2https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp10#GUIDprojectN/A101024847542023-10-16T21:41:12Z2019-01-19T04:02:26Z21665
*0DF38AD4-60AF-4F93-9C7A-7FB7BA692017*.{0,1000}0DF38AD4\-60AF\-4F93\-9C7A\-7FB7BA692017.{0,1000}offensive_tool_keywordVolumiserVolumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.T1560.001 - T1059 - T1114 - T1005TA0005 - TA0009N/AN/ACollectionhttps://github.com/CCob/Volumiser10#GUIDprojectN/A74379422025-04-22T15:47:53Z2022-11-08T21:38:56Z21671
*0DF612AE-47D8-422C-B0C5-0727EA60784F*.{0,1000}0DF612AE\-47D8\-422C\-B0C5\-0727EA60784F.{0,1000}offensive_tool_keywordNativeDumpDump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)T1003.001TA0006N/AN/ACredential Accesshttps://github.com/ricardojoserf/NativeDump10#GUIDprojectN/A106586862024-12-17T15:36:57Z2024-02-22T15:16:16Z21673
*0E423DD6-FAAF-4A66-8828-6A5A5F22269B*.{0,1000}0E423DD6\-FAAF\-4A66\-8828\-6A5A5F22269B.{0,1000}offensive_tool_keywordDcRatDcRat C2 A simple remote tool in C#T1071 - T1021 - T1003TA0011N/AN/AMalwarehttps://github.com/qwqdanchun/DcRat10#GUIDprojectN/A10109683322022-02-07T05:37:09Z2021-03-12T11:00:37Z21696
*0E4BAB8F-E6E0-47A8-8E99-8D451839967E*.{0,1000}0E4BAB8F\-E6E0\-47A8\-8E99\-8D451839967E.{0,1000}offensive_tool_keywordEfiGuardEfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).T1542.002 - T1542.003 - T1542.004TA0003 - TA0005N/AN/ADefense Evasionhttps://github.com/Mattiwatti/EfiGuard10#GUIDprojectN/A101019773542025-02-24T11:57:36Z2019-03-25T19:47:39Z21698
*0E5D043A-CAA1-40C7-A616-773F347FA43F*.{0,1000}0E5D043A\-CAA1\-40C7\-A616\-773F347FA43F.{0,1000}greyware_tool_keywordpingcastleactive directory weakness scan Vulnerability scannerT1016 - T1069.002 - T1087.002 - T1485TA0007 - TA0008N/AMAZE - BianLian - Scattered Spider* - DragonForceVulnerability Scannerhttps://github.com/netwrix/pingcastle10#GUIDprojectN/A101024863032025-02-28T10:16:24Z2018-08-31T17:42:48Z21702
*0FE0D049-F352-477D-BCCD-ACBF7D4F6F15*.{0,1000}0FE0D049\-F352\-477D\-BCCD\-ACBF7D4F6F15.{0,1000}offensive_tool_keywordEvilSlnA New Exploitation Technique for Visual Studio ProjectsT1564.001 - T1204.002TA0005 - TA0002N/AN/ADefense Evasionhttps://github.com/cjm00n/EvilSln10#GUIDprojectN/A10N/A21818
*105C2C6D-1C0A-4535-A231-80E355EFB112*.{0,1000}105C2C6D\-1C0A\-4535\-A231\-80E355EFB112.{0,1000}offensive_tool_keywordRoguePotatoWindows Local Privilege Escalation from Service Account to SystemT1055.002 - T1078.003 - T1070.004TA0005 - TA0004 - TA0002N/AN/APrivilege Escalationhttps://github.com/antonioCoco/RoguePotato10#GUIDprojectN/A101010811312021-01-09T20:43:07Z2020-05-10T17:38:28Z21888
*107EBC1B-0273-4B3D-B676-DE64B7F52B33*.{0,1000}107EBC1B\-0273\-4B3D\-B676\-DE64B7F52B33.{0,1000}offensive_tool_keywordSharpPersistSDA Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machinesT1547 - T1053 - T1027 - T1028 - T1112TA0003 - TA0008N/AN/APersistencehttps://github.com/cybersectroll/SharpPersistSD10#GUIDprojectN/A10187122024-05-15T14:55:14Z2024-05-13T15:11:12Z21897
*10CC4D5B-DC87-4AEB-887B-E47367BF656B*.{0,1000}10CC4D5B\-DC87\-4AEB\-887B\-E47367BF656B.{0,1000}offensive_tool_keywordFormThiefSpoofing desktop login applications with WinForms and WPFT1204.002 - T1056.004 - T1071.001TA0001 - TA0006N/AN/ACredential Accesshttps://github.com/mlcsec/FormThief10#GUIDprojectN/A82173312024-02-19T22:40:09Z2024-02-19T22:34:07Z21915
*111BB935-2A0A-4AE2-AEB0-EF2FAA529840*.{0,1000}111BB935\-2A0A\-4AE2\-AEB0\-EF2FAA529840.{0,1000}offensive_tool_keywordMalware RAT collectionfrom Malware RAT samplesT1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007N/AN/AMalwarehttps://github.com/x-cod3r/Remote-administration-tools-archive10#GUIDprojectN/A9193302023-10-03T15:08:22Z2023-10-03T13:09:00Z21947
*11385CC1-54B7-4968-9052-DF8BB1961F1E*.{0,1000}11385CC1\-54B7\-4968\-9052\-DF8BB1961F1E.{0,1000}offensive_tool_keywordShellcode-Hidesimple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105TA0005 - TA0001 - TA0003N/AN/ADefense Evasionhttps://github.com/TheD1rkMtr/Shellcode-Hide10#GUIDprojectN/A954161092023-08-02T02:22:20Z2023-02-05T17:31:43Z21954
*116472CE-3924-40EA-90F9-50A1A00D0EC5*.{0,1000}116472CE\-3924\-40EA\-90F9\-50A1A00D0EC5.{0,1000}offensive_tool_keywordLime-RATremote administration tool for Windows (RAT)T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003N/AAPT-C-36 - Operation ComandoMalwarehttps://github.com/NYAN-x-CAT/Lime-RAT10#GUIDprojectN/A101010864132019-06-24T17:05:48Z2018-02-07T15:35:56Z21967
*1250BAE1-D26F-4EF2-9452-9B5009568336*.{0,1000}1250BAE1\-D26F\-4EF2\-9452\-9B5009568336.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z22028
*128C450F-C8B3-403A-9D0C-E5AD6B7F566F*.{0,1000}128C450F\-C8B3\-403A\-9D0C\-E5AD6B7F566F.{0,1000}greyware_tool_keywordmeshcentralMeshCentral is a full computer management web site - abused by attackersT1021 - T1071 - T1090TA0003 - TA0008 - TA0011N/AN/ARMMhttps://github.com/Ylianst/MeshAgent10#GUIDprojectN/A103264962025-03-19T18:43:56Z2017-10-12T21:26:52Z22065
*13431429-2DB6-480F-B73F-CA019FE759E3*.{0,1000}13431429\-2DB6\-480F\-B73F\-CA019FE759E3.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z22121
*13A59BB8-0246-4FFA-951B-89B9A341F159*.{0,1000}13A59BB8\-0246\-4FFA\-951B\-89B9A341F159.{0,1000}offensive_tool_keywordxeno-ratXeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much moreT1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011N/AN/AC2https://github.com/moom825/xeno-rat10#GUIDprojectN/A101012253232024-03-05T06:22:36Z2023-10-17T06:41:56Z22146
*13C57810-FF18-4258-ABC9-935040A54F0B*.{0,1000}13C57810\-FF18\-4258\-ABC9\-935040A54F0B.{0,1000}offensive_tool_keywordNidhoggNidhogg is an all-in-one simple to use rootkit for red teams.T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040N/ABlack BastaExploitation toolhttps://github.com/Idov31/Nidhogg10#GUIDprojectN/A101019462842025-04-19T14:28:47Z2022-05-29T14:37:50Z22154
*13C84182-2F5F-4EE8-A37A-4483E7E57154*.{0,1000}13C84182\-2F5F\-4EE8\-A37A\-4483E7E57154.{0,1000}offensive_tool_keywordSharpExShellSharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel applicationT1021.003 - T1218.007 - T1127.001TA0008 - TA0009 - TA0005N/AN/ALateral Movementhttps://github.com/grayhatkiller/SharpExShell10#GUIDprojectN/A8170152024-05-01T23:17:25Z2023-10-30T18:16:41Z22156
*14083A04-DD4B-4E7D-A16E-86947D3D6D74*.{0,1000}14083A04\-DD4B\-4E7D\-A16E\-86947D3D6D74.{0,1000}offensive_tool_keywordXrulezXRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.T1078 - T1105 - T1059 - T1566TA0002 - TA0003 - TA0005 - TA0011N/AN/APersistencehttps://github.com/FSecureLABS/Xrulez10#GUIDprojectN/A102162452018-12-11T16:33:08Z2016-08-31T10:10:10Z22174
*14CA405B-8BAC-48AB-9FBA-8FB5DF88FD0D*.{0,1000}14CA405B\-8BAC\-48AB\-9FBA\-8FB5DF88FD0D.{0,1000}offensive_tool_keywordMalware RAT collectionfrom Malware RAT samplesT1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007N/AN/AMalwarehttps://github.com/x-cod3r/Remote-administration-tools-archive10#GUIDprojectN/A9193302023-10-03T15:08:22Z2023-10-03T13:09:00Z22219
*14CA405B-8BAC-48AB-9FBA-8FB5DF88FD0D*.{0,1000}14CA405B\-8BAC\-48AB\-9FBA\-8FB5DF88FD0D.{0,1000}greyware_tool_keywordQuasarOpen-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040N/APatchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy - Earth Berberoka - APT33 - APT32 - Operation C-Major - QUILTED TIGER - MoleratsRMMhttps://github.com/quasar/Quasar10#GUIDprojectN/AN/A10918725512024-02-29T06:37:37Z2014-07-08T12:27:59Z22220
*15ce9a3c-4609-4184-87b2-e29fc5e2b770*.{0,1000}15ce9a3c\-4609\-4184\-87b2\-e29fc5e2b770.{0,1000}offensive_tool_keywordSharpZeroLogonexploit for CVE-2020-1472T1210 - T1558.003 - T1078.002 - T1098 - T1003.006TA0001 - TA0004 - TA0005 - TA0006 - TA0003Ghost RansomwareN/AExploitation toolhttps://github.com/leitosama/SharpZeroLogon10#GUIDprojectN/A10127172021-02-13T10:13:32Z2021-02-13T09:44:43Z22285
*1605d453-7d62-4198-a436-27e48ef828eb*.{0,1000}1605d453\-7d62\-4198\-a436\-27e48ef828eb.{0,1000}offensive_tool_keywordShimMeInjects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070TA0004 - TA0005 - TA0006 - TA0009N/AN/APrivilege Escalationhttps://github.com/deepinstinct/ShimMe10#GUIDprojectN/A92140202024-10-29T07:33:38Z2024-08-04T10:03:28Z22292
*1617117C-0E94-4E6A-922C-836D616EC1F5*.{0,1000}1617117C\-0E94\-4E6A\-922C\-836D616EC1F5.{0,1000}offensive_tool_keywordShellcode-Hidesimple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105TA0005 - TA0001 - TA0003N/AN/ADefense Evasionhttps://github.com/TheD1rkMtr/Shellcode-Hide10#GUIDprojectN/A954161092023-08-02T02:22:20Z2023-02-05T17:31:43Z22301
*1659E645-27B0-4AB9-A10E-64BA4B801CB0*.{0,1000}1659E645\-27B0\-4AB9\-A10E\-64BA4B801CB0.{0,1000}offensive_tool_keywordOSEP-Code-Snippetsnotable code snippets for Offensive Security's PEN-300 (OSEP) courseT1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004N/AN/AExploitation toolhttps://github.com/chvancooten/OSEP-Code-Snippets10#GUIDprojectN/A81012544442024-01-04T15:17:17Z2021-03-10T21:34:41Z22327
*171A9A71-EDEF-4891-9828-44434A00585E*.{0,1000}171A9A71\-EDEF\-4891\-9828\-44434A00585E.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z22376
*17332F12-D796-42D1-9A3E-460590A49382*.{0,1000}17332F12\-D796\-42D1\-9A3E\-460590A49382.{0,1000}offensive_tool_keywordRedTeam_Tools_n_StuffCollection of self-made Red Team toolsT1070.004 - T1222 - T1070.003 - T1003.005 - T1057TA0005 - TA0006 - TA0007N/AN/AExploitation toolhttps://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr7710#GUIDprojectN/A71112023-10-13T06:31:42Z2023-10-04T13:43:37Z22382
*17589EA6-FCC9-44BB-92AD-D5B3EEA6AF03*.{0,1000}17589EA6\-FCC9\-44BB\-92AD\-D5B3EEA6AF03.{0,1000}offensive_tool_keywordKeeFarceExtracts passwords from a KeePass 2.x database directly from memoryT1003 - T1055 - T1059TA0006 N/AN/ACredential Accesshttps://github.com/denandz/KeeFarce10#GUIDprojectN/A101010091322015-11-17T04:12:25Z2015-10-27T05:29:04Z22390
*17FC11E9-C258-4B8D-8D07-2F4125156244*.{0,1000}17FC11E9\-C258\-4B8D\-8D07\-2F4125156244.{0,1000}offensive_tool_keywordmimikatzmimikatz UUIDT1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003TA0004 - TA0006 - TA0003 - TA0008 - TA0009N/ABlack Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - SphinxCredential Accesshttps://github.com/gentilkiwi/mimikatz10#GUIDprojectuuid10102009438542024-07-05T17:42:58Z2014-04-06T18:30:02Z22428
*1824ED63-BE4D-4306-919D-9C749C1AE271*.{0,1000}1824ED63\-BE4D\-4306\-919D\-9C749C1AE271.{0,1000}offensive_tool_keywordSharpDecryptPwdDecrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etcT1003.008 - T1555.004 - T1552.002TA0006N/AN/ACredential Accesshttps://github.com/RowTeam/SharpDecryptPwd10#GUIDprojectN/A1087691172022-03-04T02:49:31Z2022-02-25T11:21:43Z22436
*189219A1-9A2A-4B09-8F69-6207E9996F94*.{0,1000}189219A1\-9A2A\-4B09\-8F69\-6207E9996F94.{0,1000}offensive_tool_keywordOSEP-Code-Snippetsnotable code snippets for Offensive Security's PEN-300 (OSEP) courseT1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004N/AN/AExploitation toolhttps://github.com/chvancooten/OSEP-Code-Snippets10#GUIDprojectN/A81012544442024-01-04T15:17:17Z2021-03-10T21:34:41Z22467
*18A66118-B98D-4FFC-AABE-DAFF5779F14C*.{0,1000}18A66118\-B98D\-4FFC\-AABE\-DAFF5779F14C.{0,1000}offensive_tool_keywordInvisi-ShellHide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.T1027 - T1059.001 - T1562TA0005 - TA0002N/AN/ADefense Evasionhttps://github.com/OmerYa/Invisi-Shell10#GUIDprojectN/A101011671662019-08-19T19:55:19Z2018-10-14T23:32:56Z22474
*18C681A2-072F-49D5-9DE6-74C979EAE08B*.{0,1000}18C681A2\-072F\-49D5\-9DE6\-74C979EAE08B.{0,1000}offensive_tool_keywordForkPlaygroundproof-of-concept of Process Forking.T1055 - T1003TA0001 - TA0005N/AN/ADefense Evasionhttps://github.com/D4stiny/ForkPlayground10#GUIDprojectN/A73226332021-11-29T21:42:43Z2021-11-26T04:21:46Z22482
*190DFAEB-0288-4043-BE0E-3273FA653B52*.{0,1000}190DFAEB\-0288\-4043\-BE0E\-3273FA653B52.{0,1000}offensive_tool_keywordPredatorTheStealerC++ stealer (passwords - cookies - forms - cards - wallets) T1078 - T1114 - T1555 - T1539 - T1212 - T1132TA0006 - TA0010N/AN/ACredential Accesshttps://github.com/SecUser1/PredatorTheStealer10#GUIDprojectN/A811122022-12-06T16:46:33Z2022-12-06T16:34:43Z22499
*196B8469-F798-4ECC-9A77-C1CAB5BF6EAE*.{0,1000}196B8469\-F798\-4ECC\-9A77\-C1CAB5BF6EAE.{0,1000}offensive_tool_keywordHardHatC2A C# Command & Control frameworkT1105 - T1573 - T1071 - T1027TA0011 - TA0005 - TA0010N/AN/AC2https://github.com/DragoQCC/HardHatC210#GUIDprojectN/A10109961302024-03-28T02:30:02Z2022-12-08T19:40:47Z22526
*1a3c4069-8c11-4336-bef8-9a43c0ba60e2*.{0,1000}1a3c4069\-8c11\-4336\-bef8\-9a43c0ba60e2.{0,1000}offensive_tool_keywordDomainPasswordSprayDomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.T1110.001 - T1110.003TA0001 - TA0006N/AN/ACredential Accesshttps://github.com/dafthack/DomainPasswordSpray10#GUIDprojectmodule id101018653882024-07-11T18:18:57Z2016-10-04T23:37:37Z22585
*1A8C9BD8-1800-46B0-8E22-7D3823C68366*.{0,1000}1A8C9BD8\-1800\-46B0\-8E22\-7D3823C68366.{0,1000}offensive_tool_keywordSharpGhostTaskregistry manipulation to create scheduled tasks without triggering the usual event logs.T1053.005 - T1112 - T1564.001TA0003 - TA0005N/AN/ADefense Evasionhttps://github.com/dmcxblue/SharpGhostTask10#GUIDprojectN/A102114122024-01-05T15:42:55Z2024-01-04T21:42:33Z22611
*1A99EBED-6E53-469F-88B7-F4C3D2C96B07*.{0,1000}1A99EBED\-6E53\-469F\-88B7\-F4C3D2C96B07.{0,1000}offensive_tool_keywordAppProxyC2simple POC to show how to tunnel traffic through Azure Application ProxyT1090 - T1572 - T1071TA0005 - TA0008 - TA0011N/AN/AC2https://github.com/xpn/AppProxyC210#GUIDProjectN/A91069182021-04-21T13:02:15Z2021-04-21T10:46:16Z22613
*1AFD1BA3-028A-4E0F-82A8-095F38694ECF*.{0,1000}1AFD1BA3\-028A\-4E0F\-82A8\-095F38694ECF.{0,1000}offensive_tool_keywordThread-Pool-Injection-PoCProof of concept code for thread pool based process injection in Windows.T1055.011TA0005N/AN/ADefense Evasionhttps://github.com/Uri3n/Thread-Pool-Injection-PoC10#GUIDprojectN/A82115132025-03-29T23:14:47Z2024-01-24T07:42:08Z22651
*1B1F64B3-B8A4-4BBB-BB66-F020E2D4F288*.{0,1000}1B1F64B3\-B8A4\-4BBB\-BB66\-F020E2D4F288.{0,1000}offensive_tool_keywordPerfusionExploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)T1068 - T1055 - T1548.002TA0003 - TA0004 - TA0005N/AN/APrivilege Escalationhttps://github.com/itm4n/Perfusion10#GUIDprojectN/A105419752021-04-22T16:20:32Z2021-02-11T18:28:22Z22659
*1B3C96A3-F698-472B-B786-6FED7A205159*.{0,1000}1B3C96A3\-F698\-472B\-B786\-6FED7A205159.{0,1000}offensive_tool_keywordlocalpotatoThe LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.T1550.002 - T1078.003 - T1005 - T1070.004TA0004 - TA0006 - TA0002N/AN/APrivilege Escalationhttps://github.com/decoder-it/LocalPotato10#GUIDprojectN/A107691922023-11-07T01:09:08Z2023-01-04T18:22:29Z22668
*1B454840-E496-4F27-AA18-439A4E97BCC6*.{0,1000}1B454840\-E496\-4F27\-AA18\-439A4E97BCC6.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z22672
*1B52A3D9-014C-4CBF-BB98-09080D9A8D16*.{0,1000}1B52A3D9\-014C\-4CBF\-BB98\-09080D9A8D16.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z22678
*1BA54A13-B390-47B3-9628-B58A2BBA193B*.{0,1000}1BA54A13\-B390\-47B3\-9628\-B58A2BBA193B.{0,1000}offensive_tool_keywordr77-rootkitFileless ring 3 rootkit with installer and persistence that hides processes, files, network connectionsT1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009TA0005 - TA0003N/AN/APersistencehttps://github.com/bytecode77/r77-rootkit10#GUIDprojectN/A101018844252025-03-25T17:59:20Z2017-12-17T13:04:14Z22703
*1BACEDDC-CD87-41DC-948C-1C12F960BECB*.{0,1000}1BACEDDC\-CD87\-41DC\-948C\-1C12F960BECB.{0,1000}offensive_tool_keywordthemebleedProof-of-Concept for CVE-2023-38146T1566.001 - T1077 - T1213.002TA0007 - TA0011 - TA0010N/AN/AExploitation toolhttps://github.com/gabe-k/themebleed10#GUIDprojectN/A102196372023-09-13T04:50:29Z2023-09-13T04:00:14Z22706
*1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E*.{0,1000}1BF9C10F\-6F89\-4520\-9D2E\-AAF17D17BA5E.{0,1000}offensive_tool_keywordSweetPotatoLocal Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019T1548 - T1055TA0004 - TA0005N/AN/APrivilege Escalationhttps://github.com/CCob/SweetPotato10#GUIDprojectN/A101016972282024-09-04T17:09:30Z2020-04-12T17:40:03Z22721
*1c50adeb-53ac-41b9-9c34-7045cffbae45*.{0,1000}1c50adeb\-53ac\-41b9\-9c34\-7045cffbae45.{0,1000}offensive_tool_keywordo365enumEnumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002TA0040 - TA0010 - TA0007N/AN/AExploitation toolhttps://github.com/gremwell/o365enum10#GUIDprojectN/A73267392024-05-02T07:45:31Z2020-02-18T12:22:50Z22742
*1C5EDA8C-D27F-44A4-A156-6F863477194D*.{0,1000}1C5EDA8C\-D27F\-44A4\-A156\-6F863477194D.{0,1000}offensive_tool_keywordntdlll-unhooking-collectionunhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002TA0005N/AN/ADefense Evasionhttps://github.com/TheD1rkMtr/ntdlll-unhooking-collection10#GUIDprojectN/A92188382023-08-02T02:26:33Z2023-02-07T16:54:15Z22747
*1CC6E8A9-1875-430C-B2BB-F227ACD711B1*.{0,1000}1CC6E8A9\-1875\-430C\-B2BB\-F227ACD711B1.{0,1000}greyware_tool_keywordshadowsocksshadowsocks is a fast tunnel proxy that helps you bypass firewallsT1572 - T1090TA0011 - TA0005N/AN/AC2https://github.com/shadowsocks/shadowsocks-windows10#GUIDprojectN/A101058770163682025-01-01T08:09:55Z2013-01-14T07:54:16Z22780
*1D1B59D9-10AF-40FE-BE99-578C09DB7A2A*.{0,1000}1D1B59D9\-10AF\-40FE\-BE99\-578C09DB7A2A.{0,1000}offensive_tool_keywordShareAuditA tool for auditing network shares in an Active Directory environmentT1135 - T1005 - T1083 - T1210TA0007 - TA0009N/AN/ADiscoveryhttps://github.com/dionach/ShareAudit10#GUIDprojectN/A8142152019-04-29T10:07:57Z2019-02-26T16:00:15Z22797
*1DFC488D-E104-4F35-98DA-F23BF6D3F9DC*.{0,1000}1DFC488D\-E104\-4F35\-98DA\-F23BF6D3F9DC.{0,1000}offensive_tool_keywordShareAuditA tool for auditing network shares in an Active Directory environmentT1135 - T1005 - T1083 - T1210TA0007 - TA0009N/AN/ADiscoveryhttps://github.com/dionach/ShareAudit10#GUIDprojectN/A8142152019-04-29T10:07:57Z2019-02-26T16:00:15Z22867
*1E0986B4-4BF3-4CEA-A885-347B6D232D46*.{0,1000}1E0986B4\-4BF3\-4CEA\-A885\-347B6D232D46.{0,1000}offensive_tool_keywordSharpLAPSRetrieve LAPS password from LDAPT1552.005 - T1212TA0006 - TA0007N/ADispossessorCredential Accesshttps://github.com/swisskyrepo/SharpLAPS10#GUIDprojectN/A105408852021-02-17T14:32:16Z2021-02-16T17:27:41Z22872
*1e1f0cff-ff7a-406d-bd82-e53809a5e93a*.{0,1000}1e1f0cff\-ff7a\-406d\-bd82\-e53809a5e93a.{0,1000}offensive_tool_keywordVenomousSwayVBA payload generation frameworkT1059.005TA0002 - TA0005N/AN/ADefense Evasionhttps://github.com/trustedsec/The_Shelf10#GUIDprojectThe GUID of the VSTO's security public key103247142024-11-25T19:33:34Z2024-05-22T14:31:52Z22878
*1E2A1E78-ED0B-414B-A956-86232B1025BE*.{0,1000}1E2A1E78\-ED0B\-414B\-A956\-86232B1025BE.{0,1000}offensive_tool_keywordLime-RATremote administration tool for Windows (RAT)T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003N/AAPT-C-36 - Operation ComandoMalwarehttps://github.com/NYAN-x-CAT/Lime-RAT10#GUIDprojectN/A101010864132019-06-24T17:05:48Z2018-02-07T15:35:56Z22881
*1E474090-96A7-433C-BFE6-0F8B45DECC42*.{0,1000}1E474090\-96A7\-433C\-BFE6\-0F8B45DECC42.{0,1000}offensive_tool_keywordSharpFtpC2A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote SystemsT1071.002 - T1105 - T1090.001TA0011N/AN/AC2https://github.com/PhrozenIO/SharpFtpC210#GUIDprojectN/A101088152023-11-09T10:37:20Z2023-06-09T12:41:28Z22887
*1E70D62D-CC36-480F-82BB-E9593A759AF9*.{0,1000}1E70D62D\-CC36\-480F\-82BB\-E9593A759AF9.{0,1000}offensive_tool_keywordPowerShxRun Powershell without software restrictions.T1059.001 - T1055.001 - T1055.012TA0002 - TA0005N/AN/ADefense Evasionhttps://github.com/iomoath/PowerShx10#GUIDprojectN/A73286472021-09-08T03:44:10Z2021-09-06T18:32:45Z22902
*1eb987e0-23a5-415e-9194-cd961314441b*.{0,1000}1eb987e0\-23a5\-415e\-9194\-cd961314441b.{0,1000}offensive_tool_keywordPrivFuSeTcbPrivilege exploitationT1134 - T1134.001 - T1078 - T1059 - T1075TA0004N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu/10#GUIDprojectPrivFu\PowerOfTcb1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z22926
*1fc325f3-c548-43db-a13f-8c460dda8381*.{0,1000}1fc325f3\-c548\-43db\-a13f\-8c460dda8381.{0,1000}offensive_tool_keywordDNS-Tunnel-KeyloggerKeylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokesT1056.001 - T1048.003TA0009 - TA0011N/AN/ACollectionhttps://github.com/Geeoon/DNS-Tunnel-Keylogger10#GUIDprojectN/A93273402024-06-16T19:47:36Z2024-01-10T17:25:58Z23002
*1FDCAD33-E5D1-4D5F-ACD5-FA6F8661DFE5*.{0,1000}1FDCAD33\-E5D1\-4D5F\-ACD5\-FA6F8661DFE5.{0,1000}offensive_tool_keywordAccompliceTools for discovery and abuse of COM hijacksT1120 - T1174TA0007 - TA0003N/AN/ADiscoveryhttps://github.com/nccgroup/Accomplice10#GUIDprojectN/A74303472019-10-15T21:54:09Z2019-09-04T23:32:09Z23010
*20B3AA84-9CA7-43E5-B0CD-8DBA5091DF92*.{0,1000}20B3AA84\-9CA7\-43E5\-B0CD\-8DBA5091DF92.{0,1000}offensive_tool_keywordSharpRDPThiefA C# implementation of RDPThief to steal credentials from RDPT1056.004 - T1110 - T1563.002TA0006 - TA0043N/AN/ACredential Accesshttps://github.com/passthehashbrowns/SharpRDPThief10#GUIDprojectN/A102160282020-08-28T03:48:51Z2020-08-26T22:27:36Z23084
*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*.{0,1000}210A3DB2\-11E3\-4BB4\-BE7D\-554935DCCA43.{0,1000}offensive_tool_keywordUACMEDefeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.T1548 - T1547 - T1218TA0002 - TA0005 - TA0004N/AEvilnumDefense Evasionhttps://github.com/hfiref0x/UACME10#GUIDprojectN/A1010671113482025-03-09T03:33:26Z2015-03-28T12:04:33Z23104
*2116E6C5-F609-4CA8-B1A1-E87B7BE770A4*.{0,1000}2116E6C5\-F609\-4CA8\-B1A1\-E87B7BE770A4.{0,1000}offensive_tool_keywordPassTheChallengeRecovering NTLM hashes from Credential GuardT1003 - T1555.002TA0006 - TA0005N/AN/AExploitation toolhttps://github.com/ly4k/PassTheChallenge10#GUIDprojectN/A94334212022-12-26T01:09:18Z2022-12-26T00:56:40Z23107
*211A4598-B46E-4CD3-BA5A-1EC259D4DB5A*.{0,1000}211A4598\-B46E\-4CD3\-BA5A\-1EC259D4DB5A.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z23109
*2150D252-AA17-45C2-8981-A6DCF7055CA6*.{0,1000}2150D252\-AA17\-45C2\-8981\-A6DCF7055CA6.{0,1000}offensive_tool_keywordKoppelingAdaptive DLL hijacking / dynamic export forwardingT1574.002TA0005N/AN/ADefense Evasionhttps://github.com/monoxgas/Koppeling10#GUIDprojectN/A887481282020-07-06T14:47:57Z2020-02-18T21:08:16Z23123
*2164E6D9-6023-4932-A08F-7A5C15E2CA0B*.{0,1000}2164E6D9\-6023\-4932\-A08F\-7A5C15E2CA0B.{0,1000}offensive_tool_keywordshutterThe goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.T1562 - T1027TA0005 - TA0007N/AN/ADefense Evasionhttps://github.com/dsnezhkov/shutter10#GUIDprojectN/A102116152021-05-12T19:05:14Z2021-05-12T18:51:03Z23133
*22020898-6F0D-4D71-B14D-CB5897C5A6AA*.{0,1000}22020898\-6F0D\-4D71\-B14D\-CB5897C5A6AA.{0,1000}offensive_tool_keywordCreateServiceCreating a persistent serviceT1543.003 - T1547.001 - T1050TA0003N/AN/APersistencehttps://github.com/uknowsec/CreateService10#GUIDprojectN/A42105272021-04-26T06:43:12Z2020-09-23T05:03:52Z23172
*227c72ed-494a-4d29-9170-5e5994c12f5c*.{0,1000}227c72ed\-494a\-4d29\-9170\-5e5994c12f5c.{0,1000}offensive_tool_keywordPOCWindows Privilege escalation POC exploitation for CVE-2024-49138T1068 - T1058 - T1203TA0004N/AN/APrivilege Escalationhttps://github.com/emdnaia/CVE-2024-49138-POC10#GUIDprojectN/A91102025-01-15T01:01:21Z2025-01-15T02:11:49Z23218
*2297A528-E866-4056-814A-D01C1C305A38*.{0,1000}2297A528\-E866\-4056\-814A\-D01C1C305A38.{0,1000}offensive_tool_keywordPrivFuPoCs for sensitive token privileges such SeDebugPrivilegeT1068 - T1134 - T1134.001 - T1078 - T1059TA0004 - TA0009 - TA0003N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu10#GUIDprojectPrivilegedOperations1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z23224
*22A156EA-2623-45C7-8E50-E864D9FC44D3*.{0,1000}22A156EA\-2623\-45C7\-8E50\-E864D9FC44D3.{0,1000}offensive_tool_keywordSharpPackcollection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and moreT1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011N/AN/AExploitation toolhttps://github.com/Lexus89/SharpPack10#GUIDprojectN/A10178192019-08-12T13:25:25Z2018-10-01T12:45:16Z23228
*22A156EA-2623-45C7-8E50-E864D9FC44D3*.{0,1000}22A156EA\-2623\-45C7\-8E50\-E864D9FC44D3.{0,1000}offensive_tool_keywordSharpViewC# implementation of harmj0y's PowerViewT1018 - T1482 - T1087.002 - T1069.002TA0007 - TA0003 - TA0001N/AConti - APT29Discoveryhttps://github.com/tevora-threat/SharpView/10#GUIDprojectN/A101010321962024-03-22T16:34:09Z2018-07-24T21:15:04Z23229
*23975ac9-f51c-443a-8318-db006fd83100*.{0,1000}23975ac9\-f51c\-443a\-8318\-db006fd83100.{0,1000}offensive_tool_keywordo365enumEnumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002TA0040 - TA0010 - TA0007N/AN/AExploitation toolhttps://github.com/gremwell/o365enum10#GUIDprojectN/A73267392024-05-02T07:45:31Z2020-02-18T12:22:50Z23291
*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*.{0,1000}23A2E629\-DC9D\-46EA\-8B5A\-F1D60566EA09.{0,1000}offensive_tool_keywordUACMEDefeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.T1548 - T1547 - T1218TA0002 - TA0005 - TA0004N/AEvilnumDefense Evasionhttps://github.com/hfiref0x/UACME10#GUIDprojectN/A1010671113482025-03-09T03:33:26Z2015-03-28T12:04:33Z23296
*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*.{0,1000}2419CEDC\-BF3A\-4D8D\-98F7\-6403415BEEA4.{0,1000}offensive_tool_keywordPipeViewer A tool that shows detailed information about named pipes in WindowsT1022.002 - T1056.002TA0005 - TA0009N/AN/Adiscoveryhttps://github.com/cyberark/PipeViewer10#GUIDprojectN/A57620552024-11-15T09:55:35Z2022-12-22T12:35:34Z23330
*253e716a-ab96-4f87-88c7-052231ec2a12*.{0,1000}253e716a\-ab96\-4f87\-88c7\-052231ec2a12.{0,1000}offensive_tool_keywordDCSyncerPerform DCSync operationT1003.006TA0006 - TA0004N/AN/ACredential Accesshttps://github.com/notsoshant/DCSyncer10#GUIDprojectN/A102143222024-11-05T20:03:27Z2020-06-06T17:20:22Z23402
*261f880e-4bee-428d-9f64-c29292002c19*.{0,1000}261f880e\-4bee\-428d\-9f64\-c29292002c19.{0,1000}offensive_tool_keywordJuicyPotatoNGAnother Windows Local Privilege Escalation from Service Account to SystemT1055.002 - T1078.003 - T1070.004TA0005 - TA0004 - TA0002N/AFoxKitten - APT33 - Volatile Cedar - SandwormPrivilege Escalationhttps://github.com/antonioCoco/JuicyPotatoNG10#GUIDprojectN/A1098441012022-11-12T01:48:39Z2022-09-21T17:08:35Z23467
*2661F29C-69F5-4010-9198-A418C061DD7C*.{0,1000}2661F29C\-69F5\-4010\-9198\-A418C061DD7C.{0,1000}offensive_tool_keywordXrulezXRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.T1078 - T1105 - T1059 - T1566TA0002 - TA0003 - TA0005 - TA0011N/AN/APersistencehttps://github.com/FSecureLABS/Xrulez10#GUIDprojectN/A102162452018-12-11T16:33:08Z2016-08-31T10:10:10Z23481
*274F19EC-7CBA-4FC7-80E6-BB41C1FE6728*.{0,1000}274F19EC\-7CBA\-4FC7\-80E6\-BB41C1FE6728.{0,1000}offensive_tool_keywordDragonCastleA PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.T1003 - T1547.005 - T1055 - T1557TA0008 - TA0006N/AN/ACredential Accesshttps://github.com/mdsecactivebreach/DragonCastle10#GUIDprojectN/A103298382022-10-26T10:19:55Z2022-10-26T10:18:37Z23556
*27CF1AE0-5FDE-4B31-A4DA-6FAD1D77351D*.{0,1000}27CF1AE0\-5FDE\-4B31\-A4DA\-6FAD1D77351D.{0,1000}offensive_tool_keywordLime-RATremote administration tool for Windows (RAT)T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003N/AAPT-C-36 - Operation ComandoMalwarehttps://github.com/NYAN-x-CAT/Lime-RAT10#GUIDprojectN/A101010864132019-06-24T17:05:48Z2018-02-07T15:35:56Z23583
*27E42E24-9F76-44E2-B1D6-82F68D5C4466*.{0,1000}27E42E24\-9F76\-44E2\-B1D6\-82F68D5C4466.{0,1000}offensive_tool_keywordPOCLocal Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.T1055.011 - T1548.002TA0004 - TA0005N/AN/APrivilege Escalationhttps://github.com/hakaioffsec/CVE-2024-2133810#GUIDprojectN/A93292602024-04-16T21:00:14Z2024-04-13T05:53:02Z23589
*27F85701-FD37-4D18-A107-20E914F8E779*.{0,1000}27F85701\-FD37\-4D18\-A107\-20E914F8E779.{0,1000}offensive_tool_keywordSharpEventPersistPersistence by writing/reading shellcode from Event LogT1055 - T1070.001 - T1547.001TA0003 - TA0005N/AN/APersistencehttps://github.com/improsec/SharpEventPersist10#GUIDprojectN/A1010371502022-05-27T14:52:02Z2022-05-20T14:52:56Z23598
*28CF3837-FF58-463B-AF81-E6B0039DE55F*.{0,1000}28CF3837\-FF58\-463B\-AF81\-E6B0039DE55F.{0,1000}offensive_tool_keywordShareAuditA tool for auditing network shares in an Active Directory environmentT1135 - T1005 - T1083 - T1210TA0007 - TA0009N/AN/ADiscoveryhttps://github.com/dionach/ShareAudit10#GUIDprojectN/A8142152019-04-29T10:07:57Z2019-02-26T16:00:15Z23647
*28F9E001-67E0-4200-B120-3021596689E9*.{0,1000}28F9E001\-67E0\-4200\-B120\-3021596689E9.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z23657
*29021B28-61F9-492D-BB51-7CA8889087E5*.{0,1000}29021B28\-61F9\-492D\-BB51\-7CA8889087E5.{0,1000}offensive_tool_keywordDitExplorerTool for viewing NTDS.ditT1003.003TA0006N/AN/ACredential Accesshttps://github.com/trustedsec/DitExplorer10#GUIDProjectN/A102155132025-03-14T13:02:44Z2025-02-12T15:54:04Z23660
*29390239-C06E-4F26-B5A3-594A08D8D30C*.{0,1000}29390239\-C06E\-4F26\-B5A3\-594A08D8D30C.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z23678
*29446C11-A1A5-47F6-B418-0D699C6C3339*.{0,1000}29446C11\-A1A5\-47F6\-B418\-0D699C6C3339.{0,1000}offensive_tool_keywordGithubC2Github as C2T1095 - T1071.001TA0011N/AN/AC2https://github.com/TheD1rkMtr/GithubC210#GUIDprojectN/A1010136372023-08-02T02:26:05Z2023-02-15T00:50:59Z23681
*2944dbfc-8a1e-4759-a8a2-e4568950601d*.{0,1000}2944dbfc\-8a1e\-4759\-a8a2\-e4568950601d.{0,1000}offensive_tool_keywordo365enumEnumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002TA0040 - TA0010 - TA0007N/AN/AExploitation toolhttps://github.com/gremwell/o365enum10#GUIDprojectN/A73267392024-05-02T07:45:31Z2020-02-18T12:22:50Z23682
*29548EB7-5E44-21F9-5C82-15DDDC80449A*.{0,1000}29548EB7\-5E44\-21F9\-5C82\-15DDDC80449A.{0,1000}greyware_tool_keywordRemComRemote Command Executor: An OSS replacement for PsExec and RunAsT1077 - T1059 - T1021 - T1569.002TA0002 - TA0005 - TA0008N/AAPT33 - TA558 - The Gorgon Group - Common Raven - APT-C-36 - Operation Comando Lateral Movementhttps://github.com/kavika13/RemCom10#GUIDprojectN/A1043461002017-10-30T04:48:38Z2011-11-09T11:00:09Z23687
*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*.{0,1000}2963C954\-7B1E\-47F5\-B4FA\-2FC1F0D56AEA.{0,1000}offensive_tool_keywordSharpStaySharpStay - .NET PersistenceT1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123TA0003N/AN/APersistencehttps://github.com/0xthirteen/SharpStay10#GUIDprojectN/A105475972024-06-26T15:54:52Z2020-01-24T22:22:07Z23692
*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*.{0,1000}2963C954\-7B1E\-47F5\-B4FA\-2FC1F0D56AEA.{0,1000}offensive_tool_keywordSharpStaySharpStay - .NET PersistenceT1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123TA0003N/AN/APersistencehttps://github.com/0xthirteen/SharpStay10#GUIDprojectN/A105475972024-06-26T15:54:52Z2020-01-24T22:22:07Z23693
*29CBBC24-363F-42D7-B018-5EF068BA8777*.{0,1000}29CBBC24\-363F\-42D7\-B018\-5EF068BA8777.{0,1000}offensive_tool_keywordPPLmedicDump the memory of any PPL with a Userland exploit chainT1003 - T1055 - T1564.001TA0005 - TA0006 - TA0009N/AN/ACredential Accesshttps://github.com/itm4n/PPLmedic10#GUIDprojectN/A84333362023-03-17T15:58:24Z2023-03-10T12:07:01Z23717
*29CFAA16-9277-4EFB-9E91-A7D11225160B*.{0,1000}29CFAA16\-9277\-4EFB\-9E91\-A7D11225160B.{0,1000}offensive_tool_keywordSharpSpraySharpSpray is a Windows domain password spraying tool written in .NET C#T1110TA0006N/AN/ACredential Accesshttps://github.com/iomoath/SharpSpray10#GUIDprojectN/A102130212021-11-25T19:13:56Z2021-08-31T16:09:45Z23719
*29E4E73B-EBA6-495B-A76C-FBB462196C64*.{0,1000}29E4E73B\-EBA6\-495B\-A76C\-FBB462196C64.{0,1000}greyware_tool_keywordrdpwrapRDP Wrapper Library used by malwareT1021TA0008N/AN/ALateral Movementhttps://github.com/stascorp/rdpwrap10#GUIDprojectN/A10101533239112024-06-18T15:08:33Z2014-10-22T23:18:28Z23725
*2AD3951D-DEA6-4CF7-88BE-4C73344AC9DA*.{0,1000}2AD3951D\-DEA6\-4CF7\-88BE\-4C73344AC9DA.{0,1000}offensive_tool_keywordPrivFuArtsOfGetSystem privesc toolsT1134 - T1134.001 - T1078 - T1059 - T1075TA0004N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu/10#GUIDprojectArtsOfGetSystem1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z23775
*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*.{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}offensive_tool_keywordDeadPotatoDeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privilegesT1134.001 - T1068 - T1055 - T1546.015TA0004 - TA0006 - TA0011N/AN/APrivilege Escalationhttps://github.com/lypd0/DeadPotato10#GUIDprojectN/A104382452024-08-17T06:08:29Z2024-07-31T01:08:30Z23780
*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*.{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}offensive_tool_keywordgodpotatoGodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.T1134.001 - T1068 - T1055 - T1546.015TA0004 - TA0006 - TA0011Ghost RansomwareN/APrivilege Escalationhttps://github.com/BeichenDream/GodPotato10#GUIDprojectN/A101019382362023-11-24T19:22:31Z2022-12-23T14:37:00Z23781
*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*.{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}offensive_tool_keywordSigmaPotatoSeImpersonate privilege escalation toolT1134 - T1055 - T1543TA0004 - TA0005 - TA0003N/AN/APrivilege Escalationhttps://github.com/tylerdotrar/SigmaPotato10#GUIDprojectN/A94326382024-05-16T23:46:04Z2023-09-09T01:35:42Z23782
*2B47F84C-9CA3-47E9-9970-8AF8233A9F12*.{0,1000}2B47F84C\-9CA3\-47E9\-9970\-8AF8233A9F12.{0,1000}offensive_tool_keywordLime-RATremote administration tool for Windows (RAT)T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003N/AAPT-C-36 - Operation ComandoMalwarehttps://github.com/NYAN-x-CAT/Lime-RAT10#GUIDprojectN/A101010864132019-06-24T17:05:48Z2018-02-07T15:35:56Z23802
*2B704D89-41B9-4051-A51C-36A82ACEBE10*.{0,1000}2B704D89\-41B9\-4051\-A51C\-36A82ACEBE10.{0,1000}offensive_tool_keywordPrivFuSeTcbPrivilege exploitationT1134 - T1134.001 - T1078 - T1059 - T1075TA0004N/AN/APrivilege Escalationhttps://github.com/daem0nc0re/PrivFu/10#GUIDprojectPrivFu\PowerOfTcb1098491222025-01-21T05:22:50Z2021-12-28T13:14:25Z23816
*2B914EE7-F206-4A83-B435-460D054315BB*.{0,1000}2B914EE7\-F206\-4A83\-B435\-460D054315BB.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z23819
*2C059FE7-C868-4C6D-AFA0-D62BA3C1B2E1*.{0,1000}2C059FE7\-C868\-4C6D\-AFA0\-D62BA3C1B2E1.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z23853
*2C6D323A-B51F-47CB-AD37-972FD051D475*.{0,1000}2C6D323A\-B51F\-47CB\-AD37\-972FD051D475.{0,1000}offensive_tool_keywordMultiDumpMultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetlyT1003 - T1564.002TA0005 - TA0006N/AN/ACredential Accesshttps://github.com/Xre0uS/MultiDump10#GUIDprojectN/A106510662025-03-28T10:40:27Z2024-02-02T05:56:29Z23880
*2C809982-78A1-4F1C-B0E8-C957C93B242F*.{0,1000}2C809982\-78A1\-4F1C\-B0E8\-C957C93B242F.{0,1000}offensive_tool_keywordDirty-Vanityinjection technique abusing windows fork API to evade EDRsT1055 - T1562 - T1070 - T1027TA0005 - TA0006N/AN/ADefense Evasionhttps://github.com/deepinstinct/Dirty-Vanity10#GUIDprojectN/A107633862022-12-23T10:54:10Z2022-11-24T10:54:00Z23887
*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*.{0,1000}2CFB9E9E\-479D\-4E23\-9A8E\-18C92E06B731.{0,1000}offensive_tool_keywordNoFilterTool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.T1548 - T1548.002 - T1055 - T1055.004TA0004 - TA0003N/AN/APrivilege Escalationhttps://github.com/deepinstinct/NoFilter10#GUIDprojectN/A93298482024-10-29T07:30:35Z2023-07-30T09:25:38Z23912
*2D6FDD44-39B1-4FF8-8AE0-60A6B0979F5F*.{0,1000}2D6FDD44\-39B1\-4FF8\-8AE0\-60A6B0979F5F.{0,1000}offensive_tool_keywordr77-rootkitFileless ring 3 rootkit with installer and persistence that hides processes, files, network connectionsT1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009TA0005 - TA0003N/AN/APersistencehttps://github.com/bytecode77/r77-rootkit10#GUIDprojectN/A101018844252025-03-25T17:59:20Z2017-12-17T13:04:14Z23942
*2D863D7A-A369-419C-B4B3-54BDB88B5816*.{0,1000}2D863D7A\-A369\-419C\-B4B3\-54BDB88B5816.{0,1000}offensive_tool_keywordUsoDllLoaderThis PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit T1210.001 - T1055 - T1574.001TA0007 - TA0002 - TA0001N/AN/AExploitation toolhttps://github.com/itm4n/UsoDllLoader10#GUIDprojectN/AN/A43861002020-06-06T11:05:12Z2019-08-01T17:58:16Z23946
*2deff2ca-c313-4d85-aeee-414bac32e7ae*.{0,1000}2deff2ca\-c313\-4d85\-aeee\-414bac32e7ae.{0,1000}offensive_tool_keywordhotkeyzHotkey-based keylogger for WindowsT1056.001TA0006 - TA0009N/AN/ASniffing & Spoofinghttps://github.com/yo-yo-yo-jbo/hotkeyz10#GUIDprojectN/A912112024-10-17T17:50:19Z2024-06-03T21:23:16Z23969
*2E98B8D4-7A26-4F04-A95D-2051B0AB884C*.{0,1000}2E98B8D4\-7A26\-4F04\-A95D\-2051B0AB884C.{0,1000}offensive_tool_keywordS-injectWindows injection of x86/x64 DLL and ShellcodeT1055 - T1027TA0002 - TA0005 - TA0003N/AN/ADefense Evasionhttps://github.com/Joe1sn/S-inject10#GUIDprojectN/A104313452025-04-06T08:06:39Z2024-02-05T04:39:10Z24032
*2E9B1462-F47C-48CA-9D85-004493892381*.{0,1000}2E9B1462\-F47C\-48CA\-9D85\-004493892381.{0,1000}offensive_tool_keywordp0wnedShellp0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an "all in one" Post Exploitation tool which we could use to bypass all mitigation solutions (or at least some of) and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.T1086 - T1059 - T1106 - T1566TA0002 - TA0003 - TA0007N/AN/ADefense Evasionhttps://github.com/Cn33liz/p0wnedShell10#GUIDprojectN/A91015353352019-08-02T16:24:39Z2015-12-25T11:44:37Z24033
*2F00A05B-263D-4FCC-846B-DA82BD684603*.{0,1000}2F00A05B\-263D\-4FCC\-846B\-DA82BD684603.{0,1000}offensive_tool_keywordSharpDPAPISharpDPAPI is a C# port of some Mimikatz DPAPI functionality.T1552.002 - T1059.001 - T1112 - T1649TA0006 - TA0002N/AContiCredential Accesshttps://github.com/GhostPack/SharpDPAPI10#GUIDprojectN/A101012322152024-06-27T13:39:08Z2018-08-22T17:39:31Z24072
*2F00A05B-263D-4FCC-846B-DA82BD684603*.{0,1000}2F00A05B\-263D\-4FCC\-846B\-DA82BD684603.{0,1000}offensive_tool_keywordSharpPackcollection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and moreT1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011N/AN/AExploitation toolhttps://github.com/Lexus89/SharpPack10#GUIDprojectN/A10178192019-08-12T13:25:25Z2018-10-01T12:45:16Z24073
*2f00a05b-263d-4fcc-846b-da82bd684603*.{0,1000}2f00a05b\-263d\-4fcc\-846b\-da82bd684603.{0,1000}offensive_tool_keywordTelemetryAbusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.T1053 - T1547 - T1059TA0003 - TA0005 - TA0004N/AN/APrivilege Escalationhttps://github.com/Imanfeng/Telemetry10#GUIDprojectN/A92140132020-07-02T09:41:27Z2020-06-24T16:30:44Z24074
*2F8E74D2-3474-408C-9469-A4E3C97B7BBF*.{0,1000}2F8E74D2\-3474\-408C\-9469\-A4E3C97B7BBF.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z24106
*2FB94059-2D49-4EEA-AAF8-7E89E249644B*.{0,1000}2FB94059\-2D49\-4EEA\-AAF8\-7E89E249644B.{0,1000}offensive_tool_keywordVectorKernelPoCs for Kernelmode rootkit techniques research.T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518TA0003 - TA0005 - TA0004 - TA0008 - TA0007N/AN/AExploitation toolhttps://github.com/daem0nc0re/VectorKernel/10#GUIDprojectN/A104367602025-01-21T08:22:42Z2023-11-23T12:36:31Z24118
*2FE6C1D0-0538-48DB-B4FA-55F0296A5150*.{0,1000}2FE6C1D0\-0538\-48DB\-B4FA\-55F0296A5150.{0,1000}offensive_tool_keywordwin-brute-logonCrack any Microsoft Windows user's password without any privilege (Guest account included)T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005TA0006 - TA0008 - TA0005N/AN/ACredential Accesshttps://github.com/PhrozenIO/win-brute-logon10#GUIDprojectN/A71011381912023-11-09T10:37:58Z2020-05-14T21:46:50Z24138
*2FEB96F5-08E6-48A3-B306-794277650A08*.{0,1000}2FEB96F5\-08E6\-48A3\-B306\-794277650A08.{0,1000}greyware_tool_keywordPAExecPAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec programT1047 - T1105 - T1204TA0003 - TA0008 - TA0040N/AN/ALateral Movementhttps://github.com/poweradminllc/PAExec10#GUIDprojectN/A1065601772025-02-21T15:14:44Z2013-11-13T04:05:27Z24140
*2FEB96F5-08E6-48A3-B306-794277650A08*.{0,1000}2FEB96F5\-08E6\-48A3\-B306\-794277650A08.{0,1000}greyware_tool_keywordPAExecPAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec programT1047 - T1105 - T1204TA0003 - TA0008 - TA0040N/AN/ALateral Movementhttps://github.com/poweradminllc/PAExec10#GUIDprojectN/A1065601772025-02-21T15:14:44Z2013-11-13T04:05:27Z24141
*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*.{0,1000}304D5A8A\-EF98\-4E21\-8F4D\-91E66E0BECAC.{0,1000}offensive_tool_keywordUACMEDefeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.T1548 - T1547 - T1218TA0002 - TA0005 - TA0004N/AEvilnumDefense Evasionhttps://github.com/hfiref0x/UACME10#GUIDprojectN/A1010671113482025-03-09T03:33:26Z2015-03-28T12:04:33Z24175
*307088B9-2992-4DE7-A57D-9E657B1CE546*.{0,1000}307088B9\-2992\-4DE7\-A57D\-9E657B1CE546.{0,1000}offensive_tool_keywordDumpertDumpert: an LSASS memory dumper using direct system calls and API unhooking. Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combines these techniques in a proof of concept code which can be used to create an LSASS memory dump using Cobalt Strike while not touching disk and evading AV/EDR monitored user-mode API calls.T1055.011 - T1003 - T1562.001 - T1027TA0005 - TA0006N/ADispossessorCredential Accesshttps://github.com/outflanknl/Dumpert10#GUIDprojectN/A101015232462021-01-05T08:58:26Z2019-06-17T18:22:01Z24182
*30B8883F-A0A2-4256-ADCF-A790525D3696*.{0,1000}30B8883F\-A0A2\-4256\-ADCF\-A790525D3696.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z24205
*310FC5BE-6F5E-479C-A246-6093A39296C0*.{0,1000}310FC5BE\-6F5E\-479C\-A246\-6093A39296C0.{0,1000}offensive_tool_keywordxeno-ratXeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much moreT1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011N/AN/AC2https://github.com/moom825/xeno-rat10#GUIDprojectN/A101012253232024-03-05T06:22:36Z2023-10-17T06:41:56Z24229
*315C301F-E392-4F7D-9108-8E621C11D662*.{0,1000}315C301F\-E392\-4F7D\-9108\-8E621C11D662.{0,1000}offensive_tool_keywordCarbanakremote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machinesT1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041TA0006 - TA0008 - TA0010 - TA0011CarbanakFIN7 - CarbanakMalwarehttps://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins10#GUIDprojectN/A1043962232019-05-01T23:31:35Z2019-04-22T21:01:08Z24253
*32223BE8-3E78-489C-92ED-7900B26DFF43*.{0,1000}32223BE8\-3E78\-489C\-92ED\-7900B26DFF43.{0,1000}offensive_tool_keywordConfuserExConfuserEx is a widely used open source obfuscator often found in malwareT1027 - T1045TA0005 N/AN/ADefense Evasionhttps://github.com/yck1509/ConfuserEx10#GUIDprojectN/A610362916612019-05-14T14:23:56Z2014-03-28T07:00:26Z24314
*326D0AB1-CF2F-4A9B-B612-04B62D4EBA89*.{0,1000}326D0AB1\-CF2F\-4A9B\-B612\-04B62D4EBA89.{0,1000}offensive_tool_keywordshutterThe goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.T1562 - T1027TA0005 - TA0007N/AN/ADefense Evasionhttps://github.com/dsnezhkov/shutter10#GUIDprojectN/A102116152021-05-12T19:05:14Z2021-05-12T18:51:03Z24327