A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
☆28 · Dec 16, 2021 · Updated 4 years ago
Alternatives and similar repositories for NativeFunctionStaticMap
Users that are interested in NativeFunctionStaticMap are comparing it to the libraries listed below
- Files for http://deniable.org/windows/windows-callbacks ☆26 · Jul 9, 2020 · Updated 5 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP ☆37 · Jul 27, 2021 · Updated 4 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode ☆220 · Nov 5, 2021 · Updated 4 years ago
- CNA that interacts with a JAR file to dynamically rename GUI tabs within Cobalt Strike from a JSON file. ☆25 · May 23, 2022 · Updated 3 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC ☆13 · Mar 17, 2022 · Updated 4 years ago
- Nim version of MDSec's Parallel Syscall PoC ☆124 · Jan 14, 2022 · Updated 4 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts ☆23 · Sep 15, 2023 · Updated 2 years ago
- works but not work, cao! ☆24 · Sep 4, 2021 · Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆374 · May 24, 2022 · Updated 3 years ago
- Reflective DLL loading of your favorite Golang program ☆173 · Jan 27, 2020 · Updated 6 years ago
- leaking net-ntlm with webdav ☆26 · Feb 23, 2021 · Updated 5 years ago
- WhoAmI by asking the LDAP service on a domain controller. ☆65 · Feb 8, 2022 · Updated 4 years ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- easy dll proxying in go ☆14 · Apr 24, 2022 · Updated 3 years ago
- It stinks ☆103 · Apr 22, 2022 · Updated 3 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF. ☆143 · Sep 24, 2021 · Updated 4 years ago
- A product of going from beginner to giving up: basic single-node C2 functionality implemented in Python while learning ☆11 · Mar 11, 2020 · Updated 6 years ago
- PoC for UUID shellcode execution using DInvoke ☆155 · Mar 8, 2021 · Updated 5 years ago
- A C# port of the MinHook API hooking library ☆230 · Oct 21, 2025 · Updated 4 months ago
- Apply a filter to the events being reported by windows event logging ☆15 · Sep 10, 2020 · Updated 5 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure ☆116 · Feb 27, 2021 · Updated 5 years ago
- LdrLoadDll Unhooking ☆135 · Jan 16, 2022 · Updated 4 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve. ☆20 · Apr 11, 2014 · Updated 11 years ago
- Phantom DLL Hollowing method implemented in modmap ☆18 · Jun 9, 2021 · Updated 4 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17). ☆155 · Jan 21, 2023 · Updated 3 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process ☆49 · Mar 15, 2023 · Updated 3 years ago
- Collection of Beacon Object Files ☆635 · Nov 1, 2022 · Updated 3 years ago
- Research project for understanding how Mimikatz works and becoming better at C ☆123 · Oct 22, 2021 · Updated 4 years ago
- all credits go to @mgeeky ☆65 · Oct 14, 2021 · Updated 4 years ago
- Syscall BOF to arbitrarily add/detract process token privilege rights. ☆61 · Jul 10, 2024 · Updated last year
- Terminate the eventlog thread to disable the windows eventlog ☆21 · Apr 1, 2020 · Updated 5 years ago
- Disable PPL via custom driver and dump lsass ☆15 · Mar 13, 2021 · Updated 5 years ago