Leo4j / Invoke-RunAsSystem
A simple script to elevate current session to SYSTEM (needs to be run as Administrator)
☆14Updated 5 months ago
Alternatives and similar repositories for Invoke-RunAsSystem:
Users that are interested in Invoke-RunAsSystem are comparing it to the libraries listed below
- A .NET binary loader that bypasses AMSI☆45Updated 3 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆24Updated 2 years ago
- C# project to Reflectively load .Net assemblies in memory☆17Updated 10 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆21Updated last week
- A simple website to act as a store for havoc modules and extensions☆26Updated 3 months ago
- PoC to self-delete a binary in C#☆32Updated last year
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆20Updated 2 years ago
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously☆31Updated 2 years ago
- Custom Python shellcode encryptor and obfuscator☆12Updated last year
- A simple PE loader.☆25Updated 2 years ago
- A port of classic netcat to C#☆33Updated 2 years ago
- Extension functionality for the NightHawk operator client☆27Updated last year
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆12Updated 11 months ago
- Create PDFs with HTML smuggling attachments that save on opening the document.☆29Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆26Updated 2 years ago
- SharpReg is a simple code set to interact with the Remote Registry service api and is compatible with Cobalt Strike.☆29Updated 5 years ago
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆18Updated 2 years ago
- Deobfuscation of XorStringsNet☆14Updated 5 months ago
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80☆20Updated 3 weeks ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- Apophis is a Bash script that leverages tools such as DotNetToJScript, ConfuserEx, Net-Obfuscator etc. to generate 'Shellcode runners'.☆20Updated 2 years ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆39Updated last year
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- Items related to the RedELK workshop given at security conferences☆29Updated last year
- Smuggle a file to a user's browser☆20Updated 3 years ago
- ☆28Updated 4 years ago
- A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.☆21Updated 9 months ago
- AMSI Bypass for powershell☆30Updated 3 years ago
- A pure C version of SymProcAddress☆27Updated last year
- Hooked create process injection for meterpreter☆23Updated 3 years ago