"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.
☆28Sep 18, 2024Updated last year
Alternatives and similar repositories for D3MPSEC
Users that are interested in D3MPSEC are comparing it to the libraries listed below
Sorting:
- Direct syscalls Injection to bypass AV/EDR☆11May 18, 2024Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆18Oct 31, 2024Updated last year
- NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading.☆31Jan 21, 2024Updated 2 years ago
- A tool to assist DLL hijacking via the Havoc GUI☆13Jan 9, 2024Updated 2 years ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆50May 8, 2024Updated last year
- Example of async client/server sockets in .NET 5☆17Jun 9, 2021Updated 4 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 9 months ago
- This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.☆26Jul 26, 2024Updated last year
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆140May 22, 2025Updated 10 months ago
- A Sublime Text plugin that allows for Nmap syntax highlighting☆13Sep 14, 2024Updated last year
- This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their skills. It offer…☆20May 22, 2025Updated 10 months ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- .NET assembly loader with patching AMSI and ETW bypass☆31Apr 16, 2025Updated 11 months ago
- Detect userland hooks placed by AV/EDR☆28Sep 4, 2023Updated 2 years ago
- string/file/shellcode encryptor using AES/XOR☆11Oct 15, 2023Updated 2 years ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- Learning Process Injection and Hollowing techniques☆42Jun 26, 2022Updated 3 years ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …☆84Jan 12, 2023Updated 3 years ago
- ☆17May 22, 2024Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆112Jan 25, 2024Updated 2 years ago
- Bypassing Amsi using LdrLoadDll☆47Jan 8, 2025Updated last year
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings☆23Feb 17, 2024Updated 2 years ago
- A set of hashcat hcmask files, prioritized by cracking efficiency... and the hcmask_Generator_9000.xlsx tool.☆25Dec 17, 2023Updated 2 years ago
- Simple and sane compression wrapper library.☆19Oct 28, 2022Updated 3 years ago
- ☆27Feb 3, 2026Updated last month
- Use hardware breakpoint to dynamically change SSN in run-time☆280Apr 10, 2024Updated last year
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆46Jul 29, 2024Updated last year
- Dump Lsass Memory Using a Reflective Dll☆14Feb 4, 2022Updated 4 years ago
- Cobalt Strike BOFS☆16Dec 20, 2023Updated 2 years ago
- A manual PE mapping implementation, aka reflective loader☆21Feb 28, 2026Updated 3 weeks ago
- A collection of PoCs for different injection techniques on Windows!☆49Aug 27, 2023Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- Proof of Concept example for abusing Process Hacker 2 (v2.39.124)☆23Oct 30, 2024Updated last year
- Collection of Offensive C# Tooling☆13Nov 4, 2021Updated 4 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆412Jan 11, 2026Updated 2 months ago
- Exploits written while preparing for the OSED exam☆25Apr 30, 2024Updated last year