FULLSHADE / Auto-Elevate
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
☆155Updated 3 years ago
Alternatives and similar repositories for Auto-Elevate:
Users that are interested in Auto-Elevate are comparing it to the libraries listed below
- Beacon Object File PoC implementation of KillDefender☆218Updated 2 years ago
- This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and down…☆246Updated last year
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.☆379Updated last year
- A BOF to automate common persistence tasks for red teamers☆273Updated last year
- COM Hijacking VOODOO☆265Updated this week
- WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement☆363Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆322Updated 7 months ago
- WIP shellcode loader in nim with EDR evasion techniques☆209Updated 2 years ago
- Windows NTLM Authentication Backdoor☆233Updated last month
- A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.☆447Updated 11 months ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆441Updated last year
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆295Updated 2 years ago
- Payload Loader With Evasion Features☆314Updated 2 years ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆230Updated last year
- Pass the Hash to a named pipe for token Impersonation☆300Updated last year
- Persistence by writing/reading shellcode from Event Log☆369Updated 2 years ago
- Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)☆253Updated 2 years ago
- This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.☆274Updated 3 years ago
- C# Lsass parser☆284Updated 3 years ago
- Terminate AV/EDR Processes using kernel driver☆339Updated last year
- A basic emulation of an "RPC Backdoor"☆239Updated 2 years ago
- Extendable payload obfuscation and delivery framework☆141Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.☆299Updated 2 years ago
- A little tool to play with the Seclogon service☆310Updated 2 years ago
- PowerShell script to generate "proxy" counterparts to easily perform DLL Sideloading☆122Updated 5 years ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆318Updated 2 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆227Updated 3 years ago
- You shall pass☆256Updated 2 years ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆393Updated 8 months ago
- Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC☆173Updated 2 years ago