17 open source projects by QAX-A-Team

Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数，避开基于execve系统调用监控的命令日志

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.

SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.

这是一个抓取浏览器密码的工具，后续会添加更多功能

红队基础设施自动化部署工具

A tool mainly to erase specified records from Windows event logs, with additional functionalities.

Weblogic环境搭建工具

sharpwmi是一个基于rpc的横向移动工具，具有上传文件和执行命令功能。

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

Cobalt Strike插件 - RDP日志取证&清除

a pass-the-hash tool

a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz

A reverse PTY shell in C

a tool to manipulate dcc(domain cached credentials) in windows registry, based mainly on the work of mimikatz and impacket

Papers