Hagrid29 / DuplicateDump
Dumping LSASS with a duplicated handle from custom LSA plugin
☆194Updated 2 years ago
Related projects: ⓘ
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆118Updated last year
- Bypass Detection By Randomising ROR13 API Hashes☆131Updated 2 years ago
- Useful Cobalt Strike BOFs found or used during engagements☆129Updated 11 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆196Updated last year
- ☆143Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆214Updated last year
- ☆201Updated 4 months ago
- Beacon Object File PoC implementation of KillDefender☆213Updated 2 years ago
- Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.☆133Updated last year
- DCSync Attack from Outside using Impacket☆109Updated 2 years ago
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆74Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆225Updated last year
- Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…☆115Updated 3 years ago
- A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.☆145Updated 2 years ago
- BOF combination of KillDefender and Backstab☆153Updated last year
- Coerce Windows machines auth via MS-EVEN☆152Updated 8 months ago
- ☆234Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆143Updated last year
- ☆132Updated last year
- Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…☆160Updated last year
- ☆76Updated last year
- ErebusGate for Nim Bypass AV/EDR☆159Updated last year
- A BOF to automate common persistence tasks for red teamers☆263Updated last year
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs☆169Updated 2 years ago
- ☆92Updated last year
- In-memory token vault BOF for Cobalt Strike☆135Updated 2 years ago
- ☆205Updated this week
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆224Updated 3 months ago
- POC tools for exploring SMB over QUIC protocol☆119Updated 2 years ago
- Repository contains psexec, which will help to exploit the forgotten pipe☆160Updated last year