EvilBytecode / Powershell-PersistanceLinks
Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken.
☆10Updated 2 months ago
Alternatives and similar repositories for Powershell-Persistance
Users that are interested in Powershell-Persistance are comparing it to the libraries listed below
Sorting:
- Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes.☆12Updated 2 months ago
- Parent Process ID Spoofing, coded in CGo.☆22Updated 2 months ago
- ☆19Updated 2 months ago
- Execute Remote Assembly with args passing and with AMSI and ETW patching☆11Updated 2 years ago
- Misery Loader to bypass modern EDR solutions☆11Updated 6 months ago
- Just another Process Injection using Process Hollowing technique.☆17Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆22Updated 2 months ago
- A malicous Golang Package☆14Updated 2 months ago
- A Documentation for my module PS2BAT, it converts Powershell Scripts to Batchfile ones.☆11Updated 2 months ago
- Payload Dropper with Persistance & Privesc & UAC bypass 🐱👤☆13Updated last year
- My Own VirtualAlloc Implementation to use as alternative unknown for all the defense solutions of VirtualAlloc Win32 API Function☆9Updated last year
- Ransomware written in go, encrypt - decrypt.☆25Updated 2 months ago
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings☆20Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆16Updated 8 months ago
- ☆16Updated last year
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆20Updated 2 months ago
- Database for custom made as well as publicly available stage-2 or beacons or stageless payloads, used by loaders/stage-1/stagers, or for …☆10Updated 5 months ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆20Updated 2 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆12Updated 2 months ago
- Cobalt Strike notifications via NTFY.☆14Updated 9 months ago
- Beacon Object Files used for Cobalt Strike☆19Updated 2 years ago
- Deobfuscation of XorStringsNet☆14Updated 8 months ago
- ☆31Updated 3 months ago
- Extension functionality for the NightHawk operator client☆27Updated last year
- Python3 tool to perform password spraying using RDP☆17Updated last year
- A mechanism that trampoline hooks functions in x86/x64 systems.☆22Updated 9 months ago
- Performs a global AMSI bypass by patching amsi.dll in memory.☆12Updated last month
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component☆11Updated last year
- ☆18Updated 7 months ago
- ☆19Updated 7 months ago