3gstudent / ntfsDump
Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
☆111 · Updated 3 years ago
Related projects:
- Tool for playing with Windows Access Token manipulation. ☆50 · Updated last year
- Patch AMSI and ETW in a remote process via direct syscall. ☆78 · Updated 2 years ago
- Implant drop-in for EDR testing. ☆126 · Updated 10 months ago
- I have documented all of the AMSI patches that I have learned so far. ☆66 · Updated last year
- It's pointy and it hurts! ☆120 · Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOF. ☆87 · Updated 2 years ago
- C# version of NTLMRawUnHide. ☆71 · Updated last year
- RDLL for Cobalt Strike beacon to silence the Sysmon process. ☆85 · Updated 2 years ago
- Simple BOF to read the protection level of a process. ☆101 · Updated last year
- Beacon Object File allowing creation of Beacons in different sessions. ☆73 · Updated 2 years ago
- BadExclusionsNWBO is an evolution of BadExclusions that identifies custom or undocumented folder exclusions in AV/EDR products. ☆69 · Updated 7 months ago
- A basic Meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading. ☆82 · Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes. ☆93 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space. ☆120 · Updated last year
- Proof-of-concept Beacon Object File (BOF) that attempts to detect userland hooks placed by AV/EDR. ☆94 · Updated 3 years ago
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged. ☆86 · Updated 2 years ago
- Tooling related to the "WAM Bam - Recovering Web Tokens From Office" blog post. ☆109 · Updated last year