0xsp-SRD / OffensivePascal
Pascal Offsec repo for malware dev and red teaming
★176 Updated last year
Alternatives and similar repositories for OffensivePascal:
Users that are interested in OffensivePascal are comparing it to the libraries listed below
- WIP shellcode loader in nim with EDR evasion techniques ★209 Updated 2 years ago
- A BOF to automate common persistence tasks for red teamers ★270 Updated last year
- These are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR … ★255 Updated 2 years ago
- A basic emulation of an "RPC Backdoor" ★238 Updated 2 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects ★141 Updated 2 years ago
- Beacon Object File PoC implementation of KillDefender ★217 Updated 2 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. ★294 Updated 2 years ago
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs ★174 Updated 3 years ago
- Dumping LSASS with a duplicated handle from custom LSA plugin ★201 Updated 2 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a… ★121 Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider ★252 Updated last year
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject… ★231 Updated 2 years ago
- Patch AMSI and ETW ★234 Updated 8 months ago
- Repository contains psexec, which will help to exploit the forgotten pipe ★166 Updated 2 months ago
- A BOF to determine Windows Defender exclusions. ★243 Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint. ★197 Updated last year
- AV/EDR evasion via direct system calls. ★107 Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ★169 Updated last year
- DLL sideloading/proxying with Nim! ★165 Updated 2 years ago
- Bypass Detection By Randomising ROR13 API Hashes ★134 Updated 2 years ago
- Execute shellcode from a remote-hosted bin file using Winhttp. ★226 Updated last year
- Start new PowerShell without etw and amsi in pure nim ★157 Updated 2 years ago
- ErebusGate for Nim Bypass AV/EDR ★160 Updated 2 years ago
- Pass the Hash to a named pipe for token Impersonation ★297 Updated last year
- Extendable payload obfuscation and delivery framework ★141 Updated 2 years ago