S12cybersecurity / Admin2Sys

Related projects ⓘ

Alternatives and complementary repositories for Admin2Sys

• Kara-4search / FullDLLUnhooking_CSharp
  Unhook DLL via cleaning the DLL 's .text section
  ☆8Updated 3 years ago
• Offensive-Panda / C2_Elevated_Shell_DLL_Hijcking
  DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…
  ☆37Updated 6 months ago
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆67Updated 9 months ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆38Updated 11 months ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆24Updated 5 months ago
• realoriginal / foliage
  A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code
  ☆39Updated 2 months ago
• S12cybersecurity / NinjaInjector
  Classic Process Injection with Memory Evasion Techniques implemantation
  ☆63Updated last year
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆32Updated last year
• nullsection / Discord-DLL-Hijacking
  This is a simple example of DLL hijacking enabling proxy execution.
  ☆66Updated last year
• MastMind / PE-infector
  Crossplatform tool for inject shellcode into .exe and .dll binaries (x86 and x64)
  ☆53Updated 6 months ago
• x0reaxeax / PageSplit
  Splitting and executing shellcode across multiple pages
  ☆99Updated last year
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆43Updated 3 years ago
• GetRektBoy724 / TripleS
  Extracting Syscall Stub, Modernized
  ☆61Updated 2 years ago
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆79Updated last year
• S12cybersecurity / S12URootkit
  User Mode Windows Rootkit
  ☆54Updated 10 months ago
• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆45Updated 2 years ago
• michaelweber / CSharpSourceObfuscator
  A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
  ☆70Updated 4 years ago
• Kr0ff / WinMalDev
  Various methods of executing shellcode
  ☆68Updated last year
• AzAgarampur / byeintegrity9-uac
  ☆35Updated last year
• sexyiam / UAC-Bypass
  UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.
  ☆44Updated 6 months ago
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆55Updated last year
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 2 years ago
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆77Updated 2 years ago
• tasox / CSharp_Process_Injection
  ☆63Updated 9 months ago
• maziland / StackBombing
  Next gen process injection technique
  ☆42Updated 4 years ago
• PL-V / Firefox-Grabber
  Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users
  ☆42Updated 2 years ago
• S12cybersecurity / PDFTypeSpoofing
  PDF Icon File Type Spoofer
  ☆12Updated 4 months ago