Offensive-Panda / D3MPSECLinks
"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.
☆26Updated last year
Alternatives and similar repositories for D3MPSEC
Users that are interested in D3MPSEC are comparing it to the libraries listed below
Sorting:
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 11 months ago
- C++ tool and library for converting .bin files to shellcode in multiple output formats.☆33Updated last month
- Creation and removal of Defender path exclusions and exceptions in C#.☆31Updated last year
- Cobalt Strike UDRL for memory scanner evasion.☆52Updated last year
- ☆58Updated 11 months ago
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆43Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 8 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆59Updated 4 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆58Updated 9 months ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆42Updated last year
- ☆82Updated last year
- ☆53Updated last week
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆23Updated 2 years ago
- ☆98Updated last year
- ☆50Updated 2 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆41Updated 2 years ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- in-process powershell runner for BRC4☆47Updated last year
- ☆109Updated 7 months ago
- Modified versions of the Cobalt Strike Process Injection Kit☆101Updated last year
- Bypassing Amsi using LdrLoadDll☆46Updated 8 months ago
- DFSCoerce exe revisited version with custom authentication☆40Updated last year
- ☆60Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Updated 6 months ago
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆44Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆56Updated 5 months ago
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆38Updated 10 months ago
- string/file/shellcode encryptor using AES/XOR☆11Updated last year
- Run Cobalt Strike BOFs in Brute Ratel C4!☆71Updated 5 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆37Updated 5 months ago