NetSPI / BOF-PE
An example reference design for a proposed BOF PE
☆168 Updated last month
Alternatives and similar repositories for BOF-PE
Users who are interested in BOF-PE are comparing it to the repositories listed below.
- Bypass LSA protection using the BYODLL technique ☆161 Updated 8 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… ☆146 Updated 2 weeks ago
- bring your own vulnerable driver ☆96 Updated 2 years ago
- Reuse open handles to dynamically dump LSASS. ☆244 Updated last year
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH. ☆145 Updated 7 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆130 Updated 9 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆264 Updated 8 months ago
- Generic PE loader for fast prototyping evasion techniques ☆231 Updated 11 months ago
- Implant drop-in for EDR testing ☆139 Updated last year
- TypeLib persistence technique ☆115 Updated 7 months ago
- The code is a pingback to the Dark Vortex blog: ☆173 Updated 2 years ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆120 Updated last month
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆123 Updated 4 months ago
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/ ☆186 Updated 2 years ago
- ForsHops ☆53 Updated 2 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. ☆134 Updated 2 years ago
- An App Domain Manager Injection DLL PoC on steroids ☆172 Updated last year
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor ☆93 Updated last year
- Exploitation of process killer drivers ☆200 Updated last year
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality. ☆146 Updated 2 years ago
- A reflective DLL development template for the Rust programming language ☆87 Updated 2 weeks ago
- Port of Cobalt Strike's Process Inject Kit ☆178 Updated 6 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆257 Updated 10 months ago
- Patch AMSI and ETW in remote process via direct syscall ☆81 Updated 3 years ago