PL-V / Firefox-Grabber
Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users
☆42Updated last year
Related projects: ⓘ
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- Red Team Operation's Defense Evasion Technique.☆50Updated 3 months ago
- ☆60Updated this week
- Do some DLL SideLoading magic☆72Updated 11 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- ☆87Updated this week
- Just another ntdll unhooking using Parun's Fart technique☆70Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆87Updated 2 years ago
- ☆50Updated this week
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆77Updated last year
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆33Updated this week
- Tool for playing with Windows Access Token manipulation.☆50Updated last year
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆81Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆74Updated 10 months ago
- ☆57Updated 9 months ago
- ☆68Updated this week
- Python module for running BOFs☆63Updated last year
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆37Updated 2 years ago
- ☆43Updated this week
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 7 months ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆98Updated 2 years ago
- A C# port of the MinHook API hooking library☆50Updated last year
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10☆37Updated last year
- ☆42Updated this week
- It's pointy and it hurts!☆120Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆93Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆78Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 2 months ago