Kudaes / Bin-FinderLinks
Detect EDR's exceptions by inspecting processes' loaded modules
☆130Updated last year
Alternatives and similar repositories for Bin-Finder
Users that are interested in Bin-Finder are comparing it to the libraries listed below
Sorting:
- Rusty Impersonate☆96Updated 2 years ago
- Implant drop-in for EDR testing☆139Updated last year
- ☆136Updated 2 years ago
- Your syscall factory☆123Updated this week
- Adversary Emulation Framework☆114Updated 11 months ago
- Simple BOF to read the protection level of a process☆115Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆118Updated 11 months ago
- Do some DLL SideLoading magic☆84Updated last year
- ☆155Updated 6 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆97Updated 2 years ago
- Windows Persistence IT-Security☆101Updated 3 months ago
- An example reference design for a proposed BOF PE☆175Updated 2 months ago
- EDRSandblast-GodFault☆266Updated last year
- Template-based generation of shellcode loaders☆77Updated last year
- ☆110Updated 5 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆182Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆188Updated 6 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆294Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now☆72Updated 2 months ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆93Updated last month
- ☆116Updated 3 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆130Updated 10 months ago
- ☆125Updated 9 months ago
- Find DLLs with RWX section☆81Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆173Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆113Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆265Updated 9 months ago
- ☆70Updated 2 years ago