Kudaes / Bin-FinderLinks
Detect EDR's exceptions by inspecting processes' loaded modules
☆130Updated last year
Alternatives and similar repositories for Bin-Finder
Users that are interested in Bin-Finder are comparing it to the libraries listed below
Sorting:
- Rusty Impersonate☆96Updated last year
- Adversary Emulation Framework☆106Updated 10 months ago
- EDRSandblast-GodFault☆265Updated last year
- ☆136Updated last year
- Simple BOF to read the protection level of a process☆114Updated 2 years ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆91Updated 3 weeks ago
- ETW based POC to identify direct and indirect syscalls☆185Updated 2 years ago
- An example reference design for a proposed BOF PE☆168Updated last month
- Do some DLL SideLoading magic☆83Updated last year
- Find DLLs with RWX section☆81Updated last year
- ☆115Updated 2 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated 11 months ago
- Implant drop-in for EDR testing☆139Updated last year
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆145Updated 7 months ago
- Your syscall factory☆123Updated last week
- ☆75Updated 2 years ago
- ☆155Updated 5 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆116Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆94Updated 2 years ago
- ☆122Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆172Updated last year
- ☆111Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆187Updated 6 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆178Updated last year
- ☆125Updated 9 months ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆128Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆264Updated 8 months ago
- POC for frustrating/defeating Malware Analysts☆154Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆227Updated last year