Meowmycks / catdumper
LSASS Credential Dumper that utilizes the Windows API, in-memory RC4 encryption and Base64 encoding, and HTTPS exfiltration.
☆10Updated last year
Alternatives and similar repositories for catdumper:
Users that are interested in catdumper are comparing it to the libraries listed below
- Remap ntdll.dll using only NTAPI functions with a suspended process☆21Updated 2 weeks ago
- A lexer and parser for Sleep☆19Updated 3 months ago
- Just another Process Injection using Process Hollowing technique.☆17Updated last year
- A simple Nim stager (w/ fiber execution)☆16Updated 3 years ago
- Cobalt Strike notifications via NTFY.☆13Updated 7 months ago
- A simple BOF that disables some logging with NtSetInformationProcess☆11Updated last year
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆13Updated last week
- ☆18Updated 6 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆16Updated 5 months ago
- ☆19Updated 2 years ago
- ☆12Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆24Updated 7 months ago
- C# project to Reflectively load .Net assemblies in memory☆17Updated 10 months ago
- A collection of random small Aggressor snippets that don't warrant their own repo☆23Updated 2 years ago
- Extension functionality for the NightHawk operator client☆27Updated last year
- ☆17Updated 2 months ago
- A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …☆12Updated 6 months ago
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆18Updated 2 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆20Updated last week
- Bunch of BOF files☆30Updated 4 months ago
- PoC MSI payload based on ASEC/AhnLab's blog post☆23Updated 2 years ago
- ☆21Updated last month
- A simple website to act as a store for havoc modules and extensions☆26Updated 3 months ago
- Remove API hooks from a Beacon process.☆14Updated 3 years ago
- CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation☆21Updated 2 years ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆31Updated last year
- An improvement and a different approach to Mockingjay Self-Injection.☆34Updated 11 months ago
- string encryption in Nim☆19Updated 10 months ago
- A simple rpc2socks alternative in pure Go.☆28Updated 9 months ago