Meckazin / HidingFromETW
PoC for detecting and evading ETW detection of .Net Assembly.Load
☆18Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for HidingFromETW
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆18Updated 5 months ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆20Updated last year
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆17Updated last year
- Playing with PE's and Building Structures by Hand☆22Updated 2 years ago
- PoC MSI payload based on ASEC/AhnLab's blog post☆22Updated 2 years ago
- C# project to Reflectively load .Net assemblies in memory☆17Updated 5 months ago
- ☆45Updated 3 years ago
- Simple and sane cryptographic wrapper library.☆26Updated last year
- C code to enable ETW tracing for Dotnet Assemblies☆28Updated 2 years ago
- Windows File Enumeration Intel Gathering Tool.☆17Updated last year
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆18Updated 3 years ago
- Execute embedded Mimikatz☆13Updated 2 years ago
- ☆12Updated 2 years ago
- ☆35Updated 5 months ago
- ☆24Updated 2 years ago
- Cobalt Strike notifications via NTFY.☆13Updated last month
- Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.☆19Updated 2 years ago
- Remote code execution in Power Platform connectors via JSON deserialization☆19Updated last year
- ☆26Updated 4 years ago
- A collection of random small Aggressor snippets that don't warrant their own repo☆23Updated last year
- Golang Implementation of Hell's gate☆15Updated last year
- Extension functionality for the NightHawk operator client☆26Updated last year
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 3 years ago
- A small example of loading BOFs in Python with pure reflection☆17Updated last year
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx☆14Updated 3 years ago
- ☆15Updated 3 months ago
- Extension functionality for the NightHawk operator client☆26Updated last year
- Find world writable directories that contain a .exe or .dll file☆12Updated 3 years ago
- SharpReg is a simple code set to interact with the Remote Registry service api and is compatible with Cobalt Strike.☆26Updated 4 years ago