ScriptIdiot - Overview

James Y ScriptIdiot

Pinned

  1. An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 processes. Both syscall and dynamic-resolve versions are available.

    C 139 21

  2. RDLL for Cobalt Strike Beacon to silence the Sysmon process

    C 91 16

  3. Code snippets to add on top of the Cobalt Strike sleep mask to achieve a patchless hook on AMSI and ETW

    C 86 8

  4. Code snippets to add on top of the Cobalt Strike sleep mask kit so that Ekko can work in a CFG-protected process

    C 49 11

  5. Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF

    C 44 11

  6. Cobalt Strike CNA script to notify you via Discord whenever there is a new beacon.

    Python 33 4