From 4c449062cade0096bf6fe666722cdcde9b1c6d29 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Wed, 25 Aug 2021 17:23:16 +0700 Subject: [PATCH] Add: MinervaLabsResearch/CoffeeShot to Defense Evasion section --- Offensive.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Offensive.md b/Offensive.md index 6d40130..25d6396 100644 --- a/Offensive.md +++ b/Offensive.md @@ -1178,7 +1178,6 @@ Some tools can be categorized in more than one category. But because the current mdsecactivebreach/firewalker This repo contains a simple library which can be used to add FireWalker hook bypass capabilities to existing code - med0x2e/NoAmci Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). @@ -1191,6 +1190,10 @@ Some tools can be categorized in more than one category. But because the current mgeeky/Stracciatella OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup + + MinervaLabsResearch/CoffeeShot + CoffeeShot: Avoid Detection with Memory Injection + nccgroup/demiguise HTA encryption tool for RedTeams