PL-V / Firefox-Grabber

Related projects: ⓘ

• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• vatsalgupta67 / Process-Hollowing
  Red Team Operation's Defense Evasion Technique.
  ☆50Updated 3 months ago
• D1rkMtr / PatchThatAMSI
  ☆60Updated this week
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆72Updated 11 months ago
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆84Updated last year
• SecIdiot / TitanLdr
  ☆87Updated this week
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆70Updated last year
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆87Updated 2 years ago
• NUL0x4C / W0wS3cur1tyEDR
  ☆50Updated this week
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆77Updated last year
• realoriginal / foliage
  A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code
  ☆33Updated this week
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆50Updated last year
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆81Updated last year
• CodeXTF2 / PyHmmm
  Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
  ☆74Updated 10 months ago
• Bl4ckM1rror / PEAs
  ☆57Updated 9 months ago
• D1rkMtr / PatchAMSI
  ☆68Updated this week
• rkbennett / pybof
  Python module for running BOFs
  ☆63Updated last year
• mgeeky / CustomXMLPart
  A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
  ☆37Updated 2 years ago
• code-scrap / DynamicWrapperDotNet
  ☆43Updated this week
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆67Updated 7 months ago
• shogunlab / Mochi
  Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.
  ☆98Updated 2 years ago
• rasta-mouse / MinHook.NET
  A C# port of the MinHook API hooking library
  ☆50Updated last year
• reveng007 / DareDevil
  Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10
  ☆37Updated last year
• ItsCyberAli / EncryptedReaper
  ☆42Updated this week
• SpikySabra / Kernel-Cactus
  It's pointy and it hurts!
  ☆120Updated last year
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆32Updated 8 months ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆93Updated last year
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆78Updated 2 years ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Updated 2 months ago