Helixo32 / DetectHooks
Detect userland hooks placed by AV/EDR
☆27Updated last year
Related projects: ⓘ
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 2 months ago
- A pure C version of SymProcAddress☆23Updated 6 months ago
- ☆45Updated last year
- ☆57Updated 9 months ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆32Updated 3 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆14Updated last year
- in-process powershell runner for BRC4☆35Updated 10 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 4 months ago
- .NET port of Leron Gray's azbelt tool.☆26Updated 11 months ago
- ☆47Updated last year
- A care package of useful bofs for red team engagments☆47Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences.☆21Updated last week
- Example of using Sleep to create better named pipes.☆41Updated last year
- Items related to the RedELK workshop given at security conferences☆25Updated 11 months ago
- Python3 rewrite of AsOutsider features of AADInternals☆25Updated last week
- A method to execute shellcode using RegisterWaitForInputIdle API.☆50Updated last year
- Determine if the WebClient Service (WebDAV) is running on a remote system☆15Updated 6 months ago
- ☆18Updated this week
- Just another Process Injection using Process Hollowing technique.☆16Updated last year
- Rewrite to fit my needs☆25Updated last month
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆37Updated last year
- ☆27Updated 3 months ago
- This repository focuses on replicating the behavioral patterns observed in well-documented APT campaigns.☆10Updated last year
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80☆18Updated 9 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆20Updated this week
- a variety of tools,scripts and techniques developed and shared with different programming languages by 0xsp Lab☆55Updated 5 months ago
- Utilities for obfuscating shellcode☆38Updated 2 months ago
- DFSCoerce exe revisited version with custom authentication☆34Updated 8 months ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆79Updated last year
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆33Updated last year