Example code samples from our ScriptBlock Smuggling Blog post
☆95Jun 18, 2024Updated last year
Alternatives and similar repositories for ScriptBlock-Smuggling
Users that are interested in ScriptBlock-Smuggling are comparing it to the libraries listed below
Sorting:
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Dec 16, 2023Updated 2 years ago
- Lateral Movement via the .NET Profiler☆100Nov 21, 2024Updated last year
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆258Jun 29, 2024Updated last year
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆638May 8, 2025Updated 9 months ago
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- ☆216Mar 26, 2024Updated last year
- Reflective DLL Injection Made Bella☆249Jan 6, 2025Updated last year
- ☆160Jan 27, 2025Updated last year
- This repository implements Threadless Injection in C☆172Dec 23, 2023Updated 2 years ago
- ☆152Oct 2, 2023Updated 2 years ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆287Jan 21, 2024Updated 2 years ago
- ☆201May 29, 2024Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆79Aug 5, 2024Updated last year
- A POC to disable TamperProtection and other Defender / MDE components☆254Jun 6, 2024Updated last year
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆586Mar 19, 2024Updated last year
- Automated .NET AppDomain hijack payload generation☆129Feb 4, 2025Updated last year
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆458Aug 2, 2024Updated last year
- Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr…☆21Jan 28, 2024Updated 2 years ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆336Aug 7, 2024Updated last year
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆88Feb 11, 2024Updated 2 years ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 9 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆297Jul 31, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆281Sep 18, 2024Updated last year
- ☆159May 5, 2025Updated 9 months ago
- ☆231Jun 10, 2025Updated 8 months ago
- ☆92May 15, 2024Updated last year
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆281Apr 6, 2025Updated 10 months ago
- PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…☆154Jun 10, 2024Updated last year
- Generate AES128 and AES256 Kerberos keys from a given username, password, and realm☆18Sep 18, 2024Updated last year
- ☆162Jun 18, 2023Updated 2 years ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆546Nov 23, 2025Updated 3 months ago
- An interactive shell to spoof some LOLBins command line☆188Jan 27, 2024Updated 2 years ago