Cobalt-Strike / ProxyDLLExample
code for the Proxy DLL example blog post
☆57Updated 2 years ago
Related projects: ⓘ
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆43Updated 2 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆100Updated 2 years ago
- ☆50Updated this week
- Remove API hooks from a Beacon process.☆54Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆50Updated 4 years ago
- ☆140Updated last year
- A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.☆81Updated 2 years ago
- ☆51Updated 3 years ago
- ☆53Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆87Updated last year
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆81Updated 2 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆94Updated 3 years ago
- .NET implementation of Cobalt Strike's External C2 Spec☆83Updated 2 years ago
- MiniDumpWriteDump behavior modification hook☆49Updated 3 years ago
- ☆73Updated this week
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 3 years ago
- ☆91Updated 2 years ago
- ☆87Updated this week
- AMSI Bypass Via the Heap☆105Updated 3 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆109Updated last year
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆98Updated 2 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆97Updated last year
- Rewrote HellsGate in C# for fun and learning☆83Updated 2 years ago
- IOXIDResolver from AirBus Security/PingCastle☆45Updated 3 years ago
- RDPThief donut shellcode inject into mstsc☆74Updated 3 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆64Updated 2 months ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆82Updated last year
- .NET project for installing Persistence☆64Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆93Updated last year