NVISOsecurity / brown-bags
☆111Updated last year
Related projects: ⓘ
- Weaponising C# - Fundamentals Training Content☆71Updated 3 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆109Updated 11 months ago
- A fake AMSI Provider which can be used for persistence.☆134Updated 3 years ago
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆153Updated 2 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆121Updated 3 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆157Updated 3 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆177Updated 2 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- Simple EDR implementation to demonstrate bypass☆152Updated 4 years ago
- A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn☆100Updated last year
- WNF Code Execution Library Using C#☆108Updated 4 years ago
- ☆135Updated 2 years ago
- ☆130Updated this week
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆182Updated 3 years ago
- Hookers are cooler than patches.☆167Updated 2 years ago
- Simple APPLocker bypass summary☆39Updated 5 years ago
- ☆88Updated this week
- ☆32Updated this week
- Find .net assemblies locally☆85Updated last year
- Slide decks and/or materials from conference presentations☆55Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆93Updated last year
- Cobalt Strike Beacon Object Files☆158Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆136Updated 6 months ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆64Updated 2 months ago
- ☆99Updated this week
- Abuse Zabbix API to obtain Remote Command Execution on hosts☆17Updated 3 years ago
- Koppeling x Metatwin x LazySign☆200Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆82Updated last year
- Start new PowerShell without etw and amsi in pure nim☆157Updated 2 years ago
- ☆83Updated 2 years ago