SafeBreach-Labs / MagicDotLinks
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
☆100Updated last year
Alternatives and similar repositories for MagicDot
Users that are interested in MagicDot are comparing it to the libraries listed below
Sorting:
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated 10 months ago
- ☆75Updated 10 months ago
- I have documented all of the AMSI patches that I learned till now☆72Updated 2 months ago
- ☆61Updated last year
- ☆78Updated last year
- Find DLLs with RWX section☆81Updated last year
- ☆155Updated 6 months ago
- ☆30Updated 6 months ago
- ☆29Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Updated 5 months ago
- A more reliable way of resolving syscall numbers in Windows☆49Updated last year
- ☆62Updated 5 months ago
- ☆110Updated 7 months ago
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- ☆99Updated last year
- ☆110Updated 5 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆130Updated 10 months ago
- Linker for Beacon Object Files☆116Updated this week
- A BOF to enumerate system process, their protection levels, and more.☆116Updated 6 months ago
- A work in progress BOF/COFF loader in Rust☆50Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆55Updated 2 years ago
- ForsHops☆53Updated 2 months ago
- ☆28Updated last year
- ☆119Updated 4 years ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆50Updated last year
- Construct the payload at runtime using an array of offsets☆63Updated last year
- It's pointy and it hurts!☆126Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆51Updated last year
- A simple C++ Windows tool to get information about processes exposing named pipes.☆38Updated 3 months ago