KINGSABRI / MSI-AlwaysInstallElevatedLinks
A Collection of templates that can be used for abusing window's AlwaysInstallElevated policy
☆32Updated 2 years ago
Alternatives and similar repositories for MSI-AlwaysInstallElevated
Users that are interested in MSI-AlwaysInstallElevated are comparing it to the libraries listed below
Sorting:
- Automating payload generation for OSEP labs and exam.☆34Updated 2 years ago
- ☆29Updated 2 years ago
- ☆141Updated 3 years ago
- Bypass AMSI via PowerShell by splitting a file into multiple chunks☆53Updated 3 years ago
- A small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket☆58Updated 5 years ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆86Updated 2 years ago
- ☆50Updated 2 years ago
- ☆94Updated 3 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆56Updated 3 years ago
- POC tools for exploring SMB over QUIC protocol☆125Updated 3 years ago
- ☆88Updated 2 years ago
- ☆29Updated 2 years ago
- ☆64Updated 3 years ago
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆83Updated 3 years ago
- .NET project for installing Persistence☆64Updated 3 years ago
- ☆70Updated 2 years ago
- Pass the Hash to a named pipe for token Impersonation☆143Updated 4 years ago
- Collection of CobaltStrike beacon object files☆104Updated 3 years ago
- AutoStart teamserver and listeners with services☆73Updated 3 years ago
- Golng version of SharpDump that can be used to extract LSASS or any other proces. Provides token elevation prior to creating dump of high…☆21Updated 4 years ago
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆81Updated last year
- Checks for signature requirements over LDAP☆97Updated 2 years ago
- ☆94Updated 3 years ago
- AV/EDR evasion via direct system calls.☆108Updated last year
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#☆65Updated last year
- CNA that interacts with a JAR file to dynamically rename GUI tabs within Cobalt Strike from a JSON file.☆24Updated 3 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆95Updated 2 years ago
- Convert Cobalt Strike profiles to IIS web.config files☆115Updated 3 years ago
- Loads a custom dll in system32 via diaghub.☆76Updated 5 years ago
- DLL Hijack Search Order Enumeration BOF☆147Updated 3 years ago