Logisek / CalcOrItDidntHappenLinks
A curated collection of Living off the Land (LotL) attack demonstrations where trusted binaries go rogue, because if it didn’t launch calc.exe, did it even happen?
☆34Updated 2 weeks ago
Alternatives and similar repositories for CalcOrItDidntHappen
Users that are interested in CalcOrItDidntHappen are comparing it to the libraries listed below
Sorting:
- PoC MSI payload based on ASEC/AhnLab's blog post☆23Updated 2 years ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆26Updated 3 years ago
- Command and Control Framework using powershell implants☆35Updated 2 months ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆33Updated 2 years ago
- A PoC for achieving persistence via push notifications on Windows☆47Updated 2 years ago
- Extension functionality for the NightHawk operator client☆27Updated last year
- Just another Process Injection using Process Hollowing technique.☆18Updated last year
- Docker container for running CobaltStrike 4.10☆37Updated 11 months ago
- Items related to the RedELK workshop given at security conferences☆29Updated last year
- Smuggle a file to a user's browser☆20Updated 3 years ago
- Perform Windows domain enumeration via LDAP☆36Updated 3 years ago
- A lightweight HTTP/HTTPS reverse proxy for efficient, policy-based traffic filtering and redirection.☆45Updated 2 years ago
- Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831)☆41Updated 2 years ago
- A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.☆21Updated last year
- Yet, Another Packer/Loader☆25Updated 2 years ago
- Proof-of-Concept to evade auditd by writing /proc/PID/mem☆22Updated 2 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆33Updated 2 years ago
- OSED Practice binary☆24Updated last year
- Identify binaries with Authenticode digital signatures signed to an internal CA/domain☆40Updated last year
- ☆31Updated 2 years ago
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆43Updated last year
- A collection of tools using OCR to extract potential usernames from RDP screenshots.☆30Updated last year
- A repo to house files for our blogposts on blog.nviso.eu☆73Updated 5 months ago
- ☆54Updated 8 months ago
- Modified version of Impacket to use dynamic NTLMv2 Challenge/Response☆19Updated 2 years ago
- This repository contains several AMSI bypasses. These bypasses are based on some very nice research that has been put out by some awesome…☆24Updated 3 years ago
- ☆18Updated 10 months ago
- ☆18Updated 2 months ago
- ☆57Updated 10 months ago
- ☆18Updated last year