Payload for DLL sideloading of OneDriveUpdater.exe, based on the Palo Alto Networks Unit 42 blog post
☆99 · Oct 13, 2022 · Updated 3 years ago
Alternatives and similar repositories for OneDriveUpdaterSideloading
Users that are interested in OneDriveUpdaterSideloading are comparing it to the libraries listed below
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code ☆24 · Mar 13, 2023 · Updated 2 years ago
- .net config loader ☆348 · Nov 9, 2023 · Updated 2 years ago
- WNF Code Execution Library Using C# ☆110 · May 18, 2020 · Updated 5 years ago
- this repo is to cover the other undocumented or published / in different language to achieve shellcode injection via windows callback func… ☆88 · Jun 24, 2022 · Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading ☆84 · Nov 21, 2022 · Updated 3 years ago
- Running .NET from VBA ☆148 · Feb 11, 2023 · Updated 3 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… ☆171 · Aug 1, 2023 · Updated 2 years ago
- DLL sideloading/proxying with Nim! ☆173 · Dec 4, 2022 · Updated 3 years ago
- LittleCorporal: A C# Automated Maldoc Generator ☆228 · Jul 30, 2021 · Updated 4 years ago
- ☆43 · Jan 2, 2023 · Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆145 · May 18, 2024 · Updated last year
- ☆153 · Jan 6, 2023 · Updated 3 years ago
- Your syscall factory ☆126 · Jan 13, 2026 · Updated last month
- ☆47 · Feb 11, 2023 · Updated 3 years ago
- ☆166 · Nov 6, 2022 · Updated 3 years ago
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆64 · Dec 26, 2024 · Updated last year
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll ☆499 · Feb 3, 2022 · Updated 4 years ago
- UDRL for CS ☆444 · Dec 3, 2023 · Updated 2 years ago
- ☆15 · Feb 9, 2022 · Updated 4 years ago
- ☆208 · Feb 24, 2022 · Updated 4 years ago
- a tool to help operate in EDRs' blind spots ☆767 · Dec 2, 2024 · Updated last year
- ☆319 · Jun 28, 2023 · Updated 2 years ago
- Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading ☆886 · Jul 21, 2020 · Updated 5 years ago
- Select any exported function in a dll as the new dll's entry point. ☆81 · Oct 25, 2024 · Updated last year
- ☆81 · Feb 12, 2022 · Updated 4 years ago
- Aggressor script add-in for CobaltStrike to track file uploads ☆48 · Nov 7, 2022 · Updated 3 years ago
- Exploring in-memory execution of .NET ☆138 · Apr 20, 2022 · Updated 3 years ago
- Cobalt Strike Beacon Object Files ☆167 · May 2, 2022 · Updated 3 years ago
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. ☆312 · Jul 8, 2022 · Updated 3 years ago
- A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory. ☆46 · Mar 1, 2021 · Updated 5 years ago
- Do some DLL SideLoading magic ☆90 · Sep 20, 2023 · Updated 2 years ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆106 · Jan 24, 2024 · Updated 2 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ ☆31 · Feb 26, 2024 · Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,006 · Jun 4, 2024 · Updated last year
- Modules used by the Havoc Framework ☆262 · Jun 17, 2024 · Updated last year
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆55 · Apr 4, 2023 · Updated 2 years ago
- Interactive program for loading AES encrypted shellcode with Dynamic Invocation, and interactive .NET assemblies in memory. ☆13 · Mar 16, 2022 · Updated 3 years ago
- C# port of LogServiceCrash ☆46 · Oct 7, 2020 · Updated 5 years ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind ☆482 · Jul 12, 2023 · Updated 2 years ago