IBM RedCON 2020 - Throwing an AquaWrench into the Kernel
☆44Aug 25, 2020Updated 5 years ago
Alternatives and similar repositories for IBM-RedCON-2020
Users that are interested in IBM-RedCON-2020 are comparing it to the libraries listed below
Sorting:
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…☆42May 9, 2019Updated 6 years ago
- C# project to create or modify existing LNKs☆54Oct 18, 2022Updated 3 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆59Apr 1, 2022Updated 3 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- Injection of MSIL using Cecil☆12Jul 28, 2015Updated 10 years ago
- Automation Engine using the Covenant API and lua scripting☆24Dec 8, 2022Updated 3 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- Evading WinDefender ATP credential-theft☆255Dec 2, 2019Updated 6 years ago
- ☆31Jul 27, 2020Updated 5 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- ☆30Nov 7, 2022Updated 3 years ago
- Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely☆424Jul 27, 2022Updated 3 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- dem sharp donuts☆202Sep 11, 2022Updated 3 years ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆14Jul 16, 2025Updated 8 months ago
- Easily hook WIN32 x64 functions☆18Feb 19, 2025Updated last year
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.☆17Jul 2, 2021Updated 4 years ago
- x64 Windows privilege elevation using anycall☆22May 28, 2021Updated 4 years ago
- Apply a filter to the events being reported by windows event logging☆263Apr 24, 2021Updated 4 years ago
- Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability☆124Jul 30, 2020Updated 5 years ago
- Run shellcode through InnoSetup code engine.☆74Jun 22, 2023Updated 2 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- ☆42Aug 10, 2019Updated 6 years ago
- NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)☆118Jun 7, 2023Updated 2 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆123Mar 25, 2022Updated 3 years ago
- Script that searches through all COM objects for any methods containing a key word of your choosing.☆73Feb 28, 2020Updated 6 years ago
- PoC demonstrating the use of cve-2020-1034 for privilege escalation☆126Mar 16, 2021Updated 5 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆244Jul 14, 2021Updated 4 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆220May 3, 2023Updated 2 years ago
- A simple POC to demonstrate the power of .NET debugging for injection☆73Aug 11, 2020Updated 5 years ago
- Simple and sane cryptographic wrapper library.☆27Apr 21, 2023Updated 2 years ago
- Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)☆426Apr 22, 2021Updated 4 years ago
- Expriments☆479Oct 3, 2024Updated last year
- Loads .NET Assembly Via CLR Loader☆17Mar 6, 2019Updated 7 years ago
- Lockless allows for the copying of locked files.☆254Apr 30, 2021Updated 4 years ago
- A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…☆41Aug 6, 2021Updated 4 years ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago
- SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and s…☆63Sep 2, 2020Updated 5 years ago