Modifies machine.config for persistence after installing signed .net assembly onto GAC
☆13Mar 17, 2022Updated 3 years ago
Alternatives and similar repositories for ConfigPersist
Users that are interested in ConfigPersist are comparing it to the libraries listed below
Sorting:
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- ☆37Jun 27, 2020Updated 5 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- .NET 4.0 Fast Directory / File Lister☆27Sep 25, 2020Updated 5 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- An azure devops tool for moar automation :D☆19Dec 8, 2022Updated 3 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- ☆23May 28, 2021Updated 4 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 8 months ago
- ☆15Aug 17, 2023Updated 2 years ago
- ☆12Jul 2, 2023Updated 2 years ago
- OpenHashAPI provides a secure method of communicating hashes and enables lightweight workflows for security practitioners and enthusiasts…☆13Oct 27, 2024Updated last year
- ☆31Jul 26, 2024Updated last year
- A Cobalt Strike Aggressor script to generate GadgetToJScript payloads☆101Sep 30, 2020Updated 5 years ago
- An injector that aims to be stealthy by using non suspicious API calls. Inspired by (https://github.com/FuzzySecurity/Sharp-Suite/tree/ma…☆24Jun 17, 2020Updated 5 years ago
- Caesar-Cipher based encryption☆29Mar 1, 2021Updated 5 years ago
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…☆15Dec 3, 2020Updated 5 years ago
- ☆11Jul 16, 2017Updated 8 years ago
- ☆12Aug 10, 2019Updated 6 years ago
- A dotnet executable to get an Entra token in an authenticated runtime☆16Oct 30, 2024Updated last year
- CloudFlare Worker Shell☆14Aug 29, 2020Updated 5 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Dec 16, 2021Updated 4 years ago
- WMI SA stuffs☆30Apr 18, 2022Updated 3 years ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆36Dec 9, 2019Updated 6 years ago
- Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET☆64Nov 22, 2019Updated 6 years ago
- MiniDumpWriteDump behavior modification hook☆50Feb 15, 2021Updated 5 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆38Dec 13, 2020Updated 5 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.☆31Nov 9, 2021Updated 4 years ago
- Reproducing the SkeletonKey malware.☆11Apr 6, 2024Updated last year
- A collection of scripts used to support an OffSecOps pipeline.☆15Jan 31, 2021Updated 5 years ago
- ☆14Nov 29, 2021Updated 4 years ago
- All the content from my Troopers 19 talk☆12Mar 20, 2019Updated 6 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago