RedSection / OffensivePH
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
☆329Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for OffensivePH
- Phantom DLL hollowing PoC☆350Updated 2 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆266Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)☆308Updated 3 years ago
- Example code for EDR bypassing☆146Updated 5 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆341Updated 2 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆543Updated 3 years ago
- Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…☆218Updated 7 months ago
- Apply a filter to the events being reported by windows event logging☆261Updated 3 years ago
- Collection of Beacon Object Files☆549Updated 2 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆212Updated last year
- Just another Windows Process Injection☆389Updated 4 years ago
- Security product hook detection☆310Updated 3 years ago
- Command line interface to dump LSASS memory to disk via SilentProcessExit☆442Updated 3 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆715Updated 3 years ago
- Bypass UAC at any level by abusing the Program Compatibility Assistant with RPC, WDI, and more Windows components☆256Updated 3 years ago
- Managed assembly shellcode generation☆263Updated 3 years ago
- A little tool to play with the Seclogon service☆303Updated 2 years ago
- ☆469Updated last week
- Silence EDRs by removing kernel callbacks☆221Updated 3 years ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths.☆351Updated 2 years ago
- Custom Metasploit post module to executing a .NET Assembly from Meterpreter session☆341Updated 4 years ago
- PIC lsass dumper using cloned handles☆572Updated 2 years ago
- You shall pass☆248Updated 2 years ago
- A shellcode function to encrypt a running process image when sleeping.☆329Updated 3 years ago
- Dump the memory of any PPL with a Userland exploit chain☆331Updated last year
- Project to check which Nt/Zw functions your local EDR is hooking☆179Updated 3 years ago
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface☆229Updated 2 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆239Updated 4 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆519Updated 11 months ago