Disguising Client Side Payloads

Ways of making payloads a little less suspicious.

User Mode APC Queue Injection

Using user-mode APC functions to execute code in remote processes.

Sleep Masks

Writing sleep masks in x64 assembly.

Offensive PowerShell

Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.


A list of common WinDBG commands.

Reflective DLL Injection

Executing DLL’s from memory.

DLL Injection

Injecting DLL’s into remote processes.

Interacting with Foreign Handlers

Writing stagers to interact with foreign C2 frameworks.


A Metasploit command reference.

Active Directory Schema Modification

Changing default security descriptor properties to escalate from a child to parent domain.

Exploiting Tomcat

Exploiting common Tomcat vulnerabilities.

Configuring Kali

Adding additional security auditing tools to Kali.