Offensive-Panda / D3MPSEC
"D3MPSEC" is a memory dumping tool designed to extract a memory dump from the Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.
☆25 · Updated 11 months ago
Alternatives and similar repositories for D3MPSEC
Users that are interested in D3MPSEC are comparing it to the libraries listed below
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆30 · Updated 6 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆83 · Updated 10 months ago
- ☆59 · Updated last year
- C++ tool and library for converting .bin files to shellcode in multiple output formats. ☆30 · Updated last week
- Creation and removal of Defender path exclusions and exceptions in C#. ☆31 · Updated last year
- A simple PoC of injecting shellcode into a remote process and getting the output using a named pipe ☆43 · Updated last year
- ☆57 · Updated 10 months ago
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i… ☆43 · Updated last year
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader ☆42 · Updated 11 months ago
- Tool to bypass LSA Protection (aka Protected Process Light) ☆56 · Updated 7 months ago
- DFSCoerce exe revisited version with custom authentication ☆41 · Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies ☆38 · Updated last month
- Classic Process Injection with Memory Evasion Techniques implementation ☆71 · Updated last year
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" ☆28 · Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆51 · Updated last year
- ☆82 · Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆76 · Updated last year
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆41 · Updated 2 years ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc… ☆54 · Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆23 · Updated last year
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004 ☆33 · Updated last year
- In-process PowerShell runner for BRC4 ☆46 · Updated last year
- Detect which native Windows APIs (NtAPI) are being hooked ☆39 · Updated 8 months ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆101 · Updated last year
- ☆47 · Updated 2 years ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML ☆36 · Updated 4 months ago
- ☆110 · Updated 6 months ago
- A care package of useful BOFs for red team engagements ☆55 · Updated 8 months ago
- ☆98 · Updated 11 months ago
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 · Updated last year