Kudaes / Bin-Finder
Detect EDR's exceptions by inspecting processes' loaded modules
☆121 · Updated 8 months ago

Related projects
Alternatives and complementary repositories for Bin-Finder
- Rusty Impersonate ☆94 · Updated last year
- ETW based POC to identify direct and indirect syscalls ☆173 · Updated last year
- Your syscall factory ☆121 · Updated 2 months ago
- Example code samples from our ScriptBlock Smuggling Blog post ☆83 · Updated 5 months ago
- ☆133 · Updated last year
- ☆175 · Updated 11 months ago
- ☆116 · Updated 2 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆145 · Updated 11 months ago
- Simple BOF to read the protection level of a process ☆104 · Updated last year
- Implant drop-in for EDR testing ☆128 · Updated last year
- Early Bird APC Injection in Rust ☆50 · Updated last month
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ☆113 · Updated 4 months ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆135 · Updated 6 months ago
- An App Domain Manager Injection DLL PoC on steroids ☆161 · Updated 11 months ago
- Local & remote Windows DLL Proxying ☆161 · Updated 5 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project. ☆170 · Updated 8 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype… ☆108 · Updated last year
- EDRSandblast-GodFault ☆240 · Updated last year
- Find DLLs with RWX section ☆75 · Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆146 · Updated 3 weeks ago
- ☆142 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆281 · Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆72 · Updated 9 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆209 · Updated 2 months ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub. ☆101 · Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆110 · Updated last year
- Rust For Windows Cheatsheet ☆110 · Updated 3 weeks ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject… ☆227 · Updated last year
- ☆109 · Updated 3 years ago
- Reuse open handles to dynamically dump LSASS. ☆234 · Updated 7 months ago