π Orange Tsai EventViewer RCE
β195Apr 29, 2022Updated 3 years ago
Alternatives and similar repositories for EventViewer-UACBypass
Users that are interested in EventViewer-UACBypass are comparing it to the libraries listed below
Sorting:
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at onceβ23Jul 14, 2022Updated 3 years ago
- UAC Bypass By Abusing Kerberos Ticketsβ507Aug 10, 2023Updated 2 years ago
- Shellcode reflective DLL injection in Rustβ27Dec 26, 2025Updated 2 months ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypassβ133May 6, 2022Updated 3 years ago
- Rust procedural macro to insert a few asm! calls full of junk instructions in between every line of code.β13May 27, 2023Updated 2 years ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layerβ542Feb 13, 2024Updated 2 years ago
- Persistence by writing/reading shellcode from Event Logβ379May 27, 2022Updated 3 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.β618Jan 2, 2025Updated last year
- Standalone Go implementation of Metasploit's "db_nmap" and "db_import" commands.β19Nov 6, 2024Updated last year
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Direβ¦β864Feb 3, 2024Updated 2 years ago
- Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).β819Dec 14, 2023Updated 2 years ago
- RunasCs - Csharp and open version of windows builtin runas.exeβ1,351Jul 12, 2024Updated last year
- leaking net-ntlm with webdavβ26Feb 23, 2021Updated 5 years ago
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.β313Jul 8, 2022Updated 3 years ago
- XOR decrypting shellcode using the GPU with OpenCL.β121May 22, 2025Updated 9 months ago
- Beacon Object File Loaderβ293Dec 3, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.β438Dec 21, 2023Updated 2 years ago
- A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operationβ18Dec 18, 2024Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assemβ¦β742Jul 22, 2023Updated 2 years ago
- A BOF that runs unmanaged PEs inlineβ683Oct 23, 2024Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"β122Jul 2, 2024Updated last year
- Creating a repository with all public Beacon Object Files (BoFs)β604Mar 2, 2026Updated 2 weeks ago
- Weaponizing for privileged file writes bugs with PrintNotify Serviceβ136May 17, 2022Updated 3 years ago
- You shall passβ270Jul 16, 2022Updated 3 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijackingβ286Jun 8, 2023Updated 2 years ago
- UAC bypass by abusing RPC and debug objects.β628Oct 19, 2023Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.β40Jan 14, 2024Updated 2 years ago
- Various Cobalt Strike BOFsβ744Oct 16, 2022Updated 3 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Techniqueβ158Nov 7, 2023Updated 2 years ago
- β244May 5, 2024Updated last year
- Collection of remote authentication triggers in C#β524May 15, 2024Updated last year
- Windows Privilege Escalationβ104Aug 16, 2024Updated last year
- Fileless atexec, no more need for port 445β406Mar 28, 2024Updated last year
- Recovering NTLM hashes from Credential Guardβ377Dec 26, 2022Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader featureβ101Feb 28, 2023Updated 3 years ago
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.β785Oct 16, 2025Updated 5 months ago
- Dominate Active Directory with PowerShell.β1,170Nov 28, 2025Updated 3 months ago
- β153Jan 6, 2023Updated 3 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.htβ¦β675Dec 23, 2022Updated 3 years ago