DInvisibleRegistry
☆82Nov 20, 2020Updated 5 years ago
Alternatives and similar repositories for DInvisibleRegistry
Users that are interested in DInvisibleRegistry are comparing it to the libraries listed below
Sorting:
- The program is designed to obfuscate the shellcode.☆203Jul 13, 2021Updated 4 years ago
- A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.☆166Sep 10, 2021Updated 4 years ago
- C# Implementation of the Hell's Gate VX Technique☆216Jun 30, 2020Updated 5 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆129May 25, 2021Updated 4 years ago
- Project to enumerate proxy configurations and generate shellcode from CobaltStrike☆140Nov 4, 2020Updated 5 years ago
- ☆18Nov 24, 2020Updated 5 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)☆321Nov 9, 2021Updated 4 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆218Mar 5, 2020Updated 5 years ago
- ☆185Jan 5, 2021Updated 5 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆220May 3, 2023Updated 2 years ago
- Hardened Proof of Concept of D/Invoke Process Injection malware☆42Jul 23, 2020Updated 5 years ago
- PoC for UUID shellcode execution using DInvoke☆155Mar 8, 2021Updated 4 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread☆119Apr 9, 2019Updated 6 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- Remove API hooks from a Beacon process.☆282Sep 18, 2021Updated 4 years ago
- Log converter from CS log to Ghostwriter CSV☆31Nov 23, 2020Updated 5 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- D/Invoke port of UrbanBishop☆108Jul 19, 2020Updated 5 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- ☆263Apr 10, 2023Updated 2 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆102Jan 7, 2022Updated 4 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.☆772Dec 21, 2022Updated 3 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Pass the Hash to a named pipe for token Impersonation☆312Nov 29, 2023Updated 2 years ago
- ☆66Dec 24, 2021Updated 4 years ago
- Reflective DLL loading of your favorite Golang program☆173Jan 27, 2020Updated 6 years ago
- Bypass AMSI and Executing PowerShell scripts from C# - using CyberArk's method to bypass AMSI☆31Feb 22, 2020Updated 6 years ago
- ☆181Feb 3, 2021Updated 5 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,163Mar 31, 2021Updated 4 years ago
- This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes thr…☆196Jul 26, 2020Updated 5 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Aug 26, 2021Updated 4 years ago
- Run shellcode from resource☆259Dec 13, 2020Updated 5 years ago
- ☆198Mar 19, 2020Updated 5 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago