A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
☆28 · Dec 16, 2021 · Updated 4 years ago
Alternatives and similar repositories for NativeFunctionStaticMap
Users that are interested in NativeFunctionStaticMap are comparing it to the libraries listed below
- CNA that interacts with a JAR file to dynamically rename GUI tabs within Cobalt Strike from a JSON file. ☆25 · May 23, 2022 · Updated 3 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP ☆37 · Jul 27, 2021 · Updated 4 years ago
- Files for http://deniable.org/windows/windows-callbacks ☆26 · Jul 9, 2020 · Updated 5 years ago
- ☆129 · Jun 28, 2023 · Updated 2 years ago
- ☆18 · Aug 19, 2021 · Updated 4 years ago
- Nim version of MDSec's Parallel Syscall PoC ☆123 · Jan 14, 2022 · Updated 4 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode ☆220 · Nov 5, 2021 · Updated 4 years ago
- ☆94 · May 14, 2022 · Updated 3 years ago
- It stinks ☆105 · Apr 22, 2022 · Updated 3 years ago
- ☆81 · Feb 12, 2022 · Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆374 · May 24, 2022 · Updated 3 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve. ☆20 · Apr 11, 2014 · Updated 11 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts ☆23 · Sep 15, 2023 · Updated 2 years ago
- works but not work, cao! ☆24 · Sep 4, 2021 · Updated 4 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF. ☆143 · Sep 24, 2021 · Updated 4 years ago
- easy dll proxying in go ☆14 · Apr 24, 2022 · Updated 3 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC ☆13 · Mar 17, 2022 · Updated 3 years ago
- A C# port of the MinHook API hooking library ☆227 · Oct 21, 2025 · Updated 4 months ago
- A novel technique to communicate between threads using the standard ETHREAD structure ☆116 · Feb 27, 2021 · Updated 5 years ago
- leaking net-ntlm with webdav ☆26 · Feb 23, 2021 · Updated 5 years ago
- WhoAmI by asking the LDAP service on a domain controller. ☆64 · Feb 8, 2022 · Updated 4 years ago
- PoC for UUID shellcode execution using DInvoke ☆155 · Mar 8, 2021 · Updated 4 years ago
- ☆29 · May 10, 2024 · Updated last year
- ☆44 · Oct 16, 2023 · Updated 2 years ago
- Apply a filter to the events being reported by windows event logging ☆15 · Sep 10, 2020 · Updated 5 years ago
- A collection of weird ways to execute unmanaged code in .NET ☆173 · May 4, 2021 · Updated 4 years ago
- ☆170 · Jan 7, 2022 · Updated 4 years ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver ☆45 · Dec 22, 2021 · Updated 4 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17). ☆155 · Jan 21, 2023 · Updated 3 years ago
- Reflective DLL loading of your favorite Golang program ☆173 · Jan 27, 2020 · Updated 6 years ago
- Event Data Collector ☆39 · Jan 12, 2026 · Updated last month
- Research project for understanding how Mimikatz works and become better at C ☆124 · Oct 22, 2021 · Updated 4 years ago
- ☆48 · Mar 19, 2020 · Updated 5 years ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- Phantom DLL Hollowing method implemented in modmap ☆18 · Jun 9, 2021 · Updated 4 years ago
- Zoom Persistence Aggressor and Handler ☆55 · Mar 24, 2021 · Updated 4 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro… ☆275 · May 3, 2023 · Updated 2 years ago
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs ☆187 · Oct 3, 2021 · Updated 4 years ago
- LdrLoadDll Unhooking ☆135 · Jan 16, 2022 · Updated 4 years ago