RedTeamOperations / Journey-to-McAfee
☆112 · Updated 2 years ago
Related projects
Alternatives and complementary repositories for Journey-to-McAfee
- A basic emulation of an "RPC Backdoor" ☆208 · Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory ☆153 · Updated 3 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… ☆160 · Updated last year
- Simple BOF to read the protection level of a process ☆104 · Updated last year
- POC tool to convert CobaltStrike BOF files to raw shellcode ☆173 · Updated 3 years ago
- AV/EDR evasion via direct system calls. ☆106 · Updated 11 months ago
- POC for frustrating/defeating Malware Analysts ☆150 · Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject… ☆227 · Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 ☆178 · Updated 2 years ago
- A fake AMSI Provider which can be used for persistence. ☆139 · Updated 3 years ago
- ☆160 · Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post ☆86 · Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆135 · Updated 6 months ago
- ☆133 · Updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆174 · Updated last year
- Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆175 · Updated last year
- Experiment on reproducing Obfuscate & Sleep ☆139 · Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement ☆192 · Updated last year
- POC tools for exploring SMB over QUIC protocol ☆121 · Updated 2 years ago
- Implant drop-in for EDR testing ☆128 · Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆110 · Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆145 · Updated 11 months ago
- ☆181 · Updated last year
- ☆61 · Updated 2 years ago
- ☆128 · Updated 2 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects ☆138 · Updated 2 years ago