S12cybersecurity / Admin2Sys
Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM
☆47Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Admin2Sys
- Unhook DLL via cleaning the DLL 's .text section☆8Updated 3 years ago
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…☆37Updated 5 months ago
- Akame is an open-source, UD shellcode loader written in C++17.☆19Updated 4 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 8 months ago
- Red Team Operation's Defense Evasion Technique.☆51Updated 5 months ago
- API Hammering with C++20☆34Updated 2 years ago
- Extracting Syscall Stub, Modernized☆61Updated 2 years ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆44Updated 6 months ago
- Various methods of executing shellcode☆68Updated last year
- Demo from the Malware Analysis and Development Webinar☆19Updated 6 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆45Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆24Updated 5 months ago
- This is a simple example of DLL hijacking enabling proxy execution.☆66Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆37Updated 10 months ago
- PDF Icon File Type Spoofer☆12Updated 4 months ago
- Fud Runpe Av Evasion / All Av Bypass☆30Updated last year
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆77Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆14Updated 6 months ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆62Updated last year
- A Bumblebee-inspired Crypter☆80Updated last year
- Example of C# heap injector for x64 and x86 shellcodes☆13Updated last year
- NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing R…☆57Updated last year
- ☆15Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆62Updated 8 months ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆43Updated 3 years ago