All Security Engineering Courses

A BOF that's a BOF Loader and more https://github.com/0xTriboulet/InlineExecuteEx

HackSmarter - Hands on Phishing 🔥🆕 👨‍💻 Password : @WickHelps 👍 Exam Guide : link ❗️ Backup all channels link 👨‍💻 Proof of work Link 🚀 Any-Issues: Chat Here 🖥 Download Here1 Here2

A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal. https://github.com/kapla0011/KaplaStrike #статьи_ссылки_scripts

🔴 A Web-Based OSCP/OSEP Cheat Sheet https://anshu19981.github.io/Pentestcheatsheet/

LOLEXFIL Living off the land Data Exfiltration methods (189 trusted tools).

Bypassing EDR in a Crystal Clear Way This blog takes you from how C2 payloads actually work under the hood all the way to building a fully evasive reflective loader that bypasses one of the best EDR's, covering module overloading with .pdata registration, NtContinue entry transfer, API call stack spoofing with Draugr, sleep masking, and Crystal Palace YARA signature removal. Every technique explained from why it exists, not just how it works. A Cobalt Strike Reflective Loader built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal. https://github.com/kapla0011/KaplaStrike

🔒 Безопасная настройка OpenSSH: запрет root, ограничение IP, ключи 99% взломов SSH из-за дефолтных настроек. Боты бьют по root:22 24/7. За 10 минут превратим sshd_config в крепость: без root, только ключи, белый список IP. 1️⃣Бэкап и редактирование /etc/ssh/sshd_config

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo nano /etc/ssh/sshd_config

2️⃣ Запрет root и паролей PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes 3️⃣Ограничение по IP (AllowUsers) # Только с вашего офиса и VPS AllowUsers admin@192.168.1.100 admin@203.0.113.5 deploy@10.0.0.50 # Или подсети AllowUsers *@203.0.113.0/24 Root всё равно заблокирован, но можно @ваш_IP для root при необходимости. 4️⃣ Смена порта (обязательно) Port 2222 Боты сканируют 22, ваш 2222 игнорят. Откройте в ufw: sudo ufw allow 2222/tcp 5️⃣ Современные алгоритмы 2025 # Только сильные шифры Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com KexAlgorithms curve25519-sha256,[email protected] 6️⃣ Таймауты и лимиты ClientAliveInterval 300 ClientAliveCountMax 0 MaxAuthTries 3 LoginGraceTime 30 MaxSessions 2 🔑 Генерация и настройка ключей На локальной машине:

ssh-keygen -t ed25519 -C "admin@server" -f ~/.ssh/server_key
ssh-copy-id -i ~/.ssh/server_key.pub [email protected] -p 2222

Права на сервере:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R $USER:$USER ~/.ssh

✅Тестирование перед рестартом

sudo sshd -t  
# синтаксис конфига
sshd -T | grep -E "(permitrootlogin|passwordauthentication)"  
# эффективные настройки

Подключитесь с нового терминала: ssh -p 2222 admin@server 🔄Применение

sudo systemctl restart sshd
sudo ufw deny 22  # закройте старый порт
sudo ufw reload

🚨Fail2ban как вишенка

sudo apt install fail2ban
sudo systemctl enable fail2ban

В /etc/fail2ban/jail.local: [sshd] enabled = true port = 2222 💥Результат: 0% брутфорса, только ваши ключи с ваших IP. Логи чистые. 🖥 CodeGuard: Academy | Чат

KaplaStrike A Cobalt Strike Reflective Loader built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal. Bypassing EDR in a Crystal Clear Way This blog takes you from how C2 payloads actually work under the hood all the way to building a fully evasive reflective loader that bypasses one of the best EDR's, covering module overloading with .pdata registration, NtContinue entry transfer, API call stack spoofing with Draugr, sleep masking, and Crystal Palace YARA signature removal. Every technique explained from why it exists, not just how it works.

Keylogger-BOF An async keylogger implemented as a Beacon Object File (BOF) for AdaptixC2. Захватывает нажатия клавиш по всей системе с помощью низкоуровневого захвата для клавиатуры (WH_KEYBOARD_LL) без появления каких-либо дополнительных процессов. Все собранные данные хранятся в именованной общей памяти — никогда не касается диска. https://github.com/DarksBlackSk/Keylogger-BOF #статьи_ссылки_scripts

WatchDogKiller PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD Blog: Researching an APT Attack and Weaponizing It: The WatchDog BYOVD Story

PatchReview MS patch checking tool

Gaining Initial Access and Outsmarting SmartScreen .zip email attachment that includes a VHDX (Hard Disk Image File) + Mark of the Web and SmartScreen bypass using Trusted Executable Reputation and DLL Sideloading. Tools: https://github.com/g3tsyst3m/CodefromBlog/tree/main/2026-2-21-Initial%20Access%20and%20Outsmarting%20SmartScreen

🏃 AD CS LOLBAS Toolkit

Native Windows toolkit for AD CS enumeration and exploitation. Everything runs through built-in OS components (certreq.exe, certutil.exe, PowerShell AD module, .NET Framework) - no third-party tools needed. Build with a sprinkle of FAFO and some finding out in lab env

Скрипты:

🐥adcs-common.ps1 🐥Invoke-Enumerate.ps1 🐥Invoke-SnapshotAudit.ps1 🐥Invoke-RemoteAudit.ps1 🐥Invoke-ESC1.ps1 .. Invoke-ESC13.ps1 🐥Invoke-FindTemplates.ps1 🐥Invoke-PassTheCert.ps1 🐥Invoke-ShadowCredentials.ps1 🐥Invoke-Kerberoast.ps1 🐥Invoke-DomainRecon.ps1

😹 Repo #adcs #windows #powershell ✈️ Whitehat Lab 💬Chat

The Mimikatz Missing Manual My goal was to create the "Missing Manual" — the documentation that explains not just the commands, but the why and the how of the Windows protocols being manipulated. Parts:

• Foundations: Setting up your environment and the basic syntax. • System Internals: How Windows handles tokens, processes, and services. • LSASS & Credentials: The heart of Mimikatz—extracting secrets from memory. • Kerberos Deep Dive: Tickets, forgery, and delegation. • PKI & Certificates: Hardware and software-based identities. • Domain Persistence: Owning the directory through replication. •DPAPI: Unlocking the secrets at rest.

CVE-2025-61155: Arbitrary Process Termination in GameDriverX64.sys (BYOVD) The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context, allowing the attacker to terminate arbitrary processes, including critical system and security services (AV / EDR), without requiring administrative privileges. Blog: https://vespalec.com/blog/tower-of-flaws/

360WFP_Exploit BYOVD: Use 360 Security WFP driver (360netmon_x64_wfp.sys) to block EDR/XDR network connection.

Lnk-it-up Project for generating and identifying deceptive LNK files. Blog post: Trust Me, I'm A Shortcut. Windows’ primary mechanism for shortcuts, LNK files, is frequently abused by threat actors for payload delivery and persistence. This blog post introduces several new LNK file flaws that, amongst other things, allow attackers to fully spoof an LNK’s target and hide any command-line arguments provided.

#ad #collector ADWSDomainDump - инструмент для дампа инфы об AD через протокол ADWS. Позволяет извлекать данные и генерировать вывод в формате ldapdomaindump поверх легитимного HTTP-based протокола Использование:

adwsdomaindump -u 'thewoods.local\mathijs.verschuuren' -p 'password' -n 10.10.10.1 dc01.thewoods.local
[*] Connecting to ADWS host...
[+] ADWS port 9389 is reachable
[*] Binding to ADWS host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished

https://github.com/mverschu/adwsdomaindump Чат в МАХ Канал в МАХ Telegram ✉️ @freedomfox