M01N-Team / HeaderLessPELinks
☆242Updated last year
Alternatives and similar repositories for HeaderLessPE
Users that are interested in HeaderLessPE are comparing it to the libraries listed below
Sorting:
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆206Updated 2 years ago
- Windows LPE☆129Updated last year
- CobaltStrike beacon in rust☆206Updated last year
- Dumping LSASS with a duplicated handle from custom LSA plugin☆201Updated 3 years ago
- Bypass Detection By Randomising ROR13 API Hashes☆142Updated 3 years ago
- SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…☆169Updated 2 weeks ago
- Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.☆192Updated 2 years ago
- ☆99Updated last year
- Misc TaskScheduler Plays☆235Updated 2 years ago
- A simple Sleepmask BOF example☆132Updated 2 months ago
- Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Pr…☆77Updated last year
- WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler☆127Updated last month
- ☆57Updated last year
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆245Updated last year
- A basic emulation of an "RPC Backdoor"☆242Updated 2 years ago
- Credential Guard Bypass Via Patching Wdigest Memory☆330Updated 2 years ago
- A Tool that aims to evade av with binary padding☆154Updated last year
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆232Updated 6 months ago
- Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC b…☆139Updated 2 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆136Updated 2 years ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆235Updated 2 years ago
- Process injection alternative☆339Updated 11 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆284Updated 4 months ago
- Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique☆74Updated 2 years ago
- Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC☆177Updated 3 years ago
- ☆59Updated 9 months ago
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)☆288Updated 3 years ago
- Weaponized HellsGate/SigFlip☆199Updated 2 years ago
- ErebusGate for Nim Bypass AV/EDR☆164Updated 2 years ago
- An implementation of an indirect system call☆129Updated last year