Leo4j / Invoke-RunAsSystem
A simple script to elevate current session to SYSTEM (needs to be run as Administrator)
☆12Updated 2 months ago
Alternatives and similar repositories for Invoke-RunAsSystem:
Users that are interested in Invoke-RunAsSystem are comparing it to the libraries listed below
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be…☆19Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆24Updated 4 months ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆21Updated last year
- Extension functionality for the NightHawk operator client☆26Updated last year
- C# project to Reflectively load .Net assemblies in memory☆17Updated 7 months ago
- Unhook DLL via cleaning the DLL 's .text section☆8Updated 3 years ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆39Updated last year
- Custom Python shellcode encryptor and obfuscator☆13Updated 9 months ago
- A way to extract tickets in case I need to purge and restore tickets on the fly.☆17Updated 9 months ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆83Updated last year
- One gate to all syscalls!☆23Updated 2 years ago
- A C# implementation of dumping credentials from Windows Credential Manager☆56Updated last year
- Tool to aid in dumping LSASS process remotely☆37Updated 6 months ago
- A collection of random small Aggressor snippets that don't warrant their own repo☆23Updated last year
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆17Updated last year
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆20Updated 4 months ago
- A .NET binary loader that bypasses AMSI☆44Updated 3 years ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆30Updated last year
- ☆18Updated 3 months ago
- Bypassing Amsi using LdrLoadDll☆33Updated 3 weeks ago
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously☆31Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆21Updated last year
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆29Updated 7 months ago
- ☆26Updated 4 years ago
- A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation☆15Updated last month
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆71Updated last year
- Example of using Sleep to create better named pipes.☆41Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆21Updated last year