S12cybersecurity / Admin2Sys
Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM
☆47Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Admin2Sys
- Unhook DLL via cleaning the DLL 's .text section☆8Updated 3 years ago
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…☆37Updated 6 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 9 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆38Updated 11 months ago
- API Hammering with C++20☆34Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆24Updated 5 months ago
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆39Updated 2 months ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆63Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆32Updated last year
- This is a simple example of DLL hijacking enabling proxy execution.☆66Updated last year
- Crossplatform tool for inject shellcode into .exe and .dll binaries (x86 and x64)☆53Updated 6 months ago
- Splitting and executing shellcode across multiple pages☆99Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆43Updated 3 years ago
- Extracting Syscall Stub, Modernized☆61Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆79Updated last year
- User Mode Windows Rootkit☆54Updated 10 months ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆45Updated 2 years ago
- A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.☆70Updated 4 years ago
- Various methods of executing shellcode☆68Updated last year
- ☆35Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆44Updated 6 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Patch AMSI and ETW in remote process via direct syscall☆77Updated 2 years ago
- ☆63Updated 9 months ago
- Next gen process injection technique☆42Updated 4 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 2 years ago
- PDF Icon File Type Spoofer☆12Updated 4 months ago