BC-SECURITY/ScriptBlock-Smuggling

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BC-SECURITY/ScriptBlock-Smuggling)

BC-SECURITY / ScriptBlock-Smuggling

Example code samples from our ScriptBlock Smuggling Blog post

☆95

Alternatives and similar repositories for ScriptBlock-Smuggling

Users that are interested in ScriptBlock-Smuggling are comparing it to the libraries listed below

Sorting:

dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
MayerDaniel / profiler-lateral-movement
View on GitHub
Lateral Movement via the .NET Profiler
☆100Nov 21, 2024Updated last year
naksyn / ProcessStomping
View on GitHub
A variation of ProcessOverwriting to execute shellcode on an executable's section
☆148Dec 16, 2023Updated 2 years ago
dmcxblue / SharpHIBP
View on GitHub
A C# Tool to gather information about email breaches
☆16Dec 21, 2023Updated 2 years ago
BlackSnufkin / Invoke-DumpMDEConfig
View on GitHub
PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…
☆155Jun 10, 2024Updated last year
ProcessusT / EnumSSN
View on GitHub
Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr…
☆21Jan 28, 2024Updated 2 years ago
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆640May 8, 2025Updated 10 months ago
BlackSnufkin / NovaLdr
View on GitHub
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
☆262Jun 29, 2024Updated last year
OtterHacker / SetProcessInjection
View on GitHub
☆153Oct 2, 2023Updated 2 years ago
Slowerzs / PPLSystem
View on GitHub
☆206May 29, 2024Updated last year
OG-Sadpanda / SharpSword
View on GitHub
Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
☆117Sep 30, 2024Updated last year
mandiant / ccmpwn
View on GitHub
☆218Mar 26, 2024Updated last year
AlteredSecurity / Disable-TamperProtection
View on GitHub
A POC to disable TamperProtection and other Defender / MDE components
☆255Jun 6, 2024Updated last year
pygrum / gimmick
View on GitHub
Section-based payload obfuscation technique for x64
☆64Aug 8, 2024Updated last year
lsecqt / ThreadlessInject-C-Implementation
View on GitHub
This repository implements Threadless Injection in C
☆172Dec 23, 2023Updated 2 years ago
cybersectroll / SharpPersistSD
View on GitHub
☆91May 15, 2024Updated last year
nbaertsch / AutoAppDomainHijack
View on GitHub
Automated .NET AppDomain hijack payload generation
☆129Feb 4, 2025Updated last year
Maldev-Academy / RemoteTLSCallbackInjection
View on GitHub
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
☆287Jan 21, 2024Updated 2 years ago
seriotonctf / kerberos_aes_key
View on GitHub
Generate AES128 and AES256 Kerberos keys from a given username, password, and realm
☆18Sep 18, 2024Updated last year
oldboy21 / RflDllOb
View on GitHub
Reflective DLL Injection Made Bella
☆251Jan 6, 2025Updated last year
outflanknl / unmanaged-dotnet-patch
View on GitHub
Modify managed functions from unmanaged code
☆53Feb 1, 2024Updated 2 years ago
CCob / Shwmae
View on GitHub
☆160Jan 27, 2025Updated last year
wh0amitz / SharpADWS
View on GitHub
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
☆586Mar 19, 2024Updated 2 years ago
MaLDAPtive / Invoke-Maldaptive
View on GitHub
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
☆337Aug 7, 2024Updated last year
decoder-it / DFSCoerce-exe-2
View on GitHub
DFSCoerce exe revisited version with custom authentication
☆42Jan 13, 2024Updated 2 years ago
Thunter-HackTeam / EvilentCoerce
View on GitHub
☆164May 5, 2025Updated 10 months ago
trustedsec / specula
View on GitHub
☆234Jun 10, 2025Updated 9 months ago
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆301Jul 31, 2024Updated last year
Teach2Breach / early_cascade_inj_rs
View on GitHub
early cascade injection PoC based on Outflanks blog post, in rust
☆62Nov 8, 2024Updated last year
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆286Jun 8, 2023Updated 2 years ago
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 10 months ago
mlcsec / SigFinder
View on GitHub
Identify binaries with Authenticode digital signatures signed to an internal CA/domain
☆40Feb 6, 2024Updated 2 years ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
zimnyaa / smbsocks
View on GitHub
A simple rpc2socks alternative in pure Go.
☆31Jul 8, 2024Updated last year
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆460Aug 2, 2024Updated last year
jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
0xHossam / HuffLoader
View on GitHub
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
☆283Apr 6, 2025Updated 11 months ago
klezVirus / koppeling-p
View on GitHub
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
☆79Aug 5, 2024Updated last year