SafeBreach-Labs / MagicDotLinks
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
☆99Updated last year
Alternatives and similar repositories for MagicDot
Users that are interested in MagicDot are comparing it to the libraries listed below
Sorting:
- ☆76Updated last year
- A more reliable way of resolving syscall numbers in Windows☆53Updated last year
- ☆79Updated last year
- Select any exported function in a dll as the new dll's entry point.☆81Updated 10 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- Find DLLs with RWX section☆81Updated 2 years ago
- ☆61Updated last year
- A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.☆112Updated last year
- Win32 keylogger that supports all (non-ime using) languages correctly☆50Updated last year
- ☆31Updated 8 months ago
- I have documented all of the AMSI patches that I learned till now☆73Updated 4 months ago
- ☆28Updated last year
- Blog/Journal on how to backdoor VSCode extensions☆73Updated last month
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Updated 7 months ago
- Some of the presentations, workshops, and labs I gave at public conferences.☆33Updated 3 months ago
- ☆74Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- ☆137Updated 2 years ago
- CVE-2024-30090 - LPE PoC☆107Updated 10 months ago
- ☆108Updated 9 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆40Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆55Updated 2 years ago
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆44Updated 7 months ago
- ☆100Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆63Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆120Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆114Updated 11 months ago
- ☆76Updated 7 months ago
- Identify and exploit leaked handles for local privilege escalation.☆109Updated 2 years ago