Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC)

Close

Sh0ckFR / Lockbit3.0-MpClient-Defender-PoCView on GitHubMore

• External links
• Readme badge

Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC

☆177Aug 1, 2022Updated 3 years ago

Alternatives and similar repositories for Lockbit3.0-MpClient-Defender-PoC

Users that are interested in Lockbit3.0-MpClient-Defender-PoC are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,008Jun 4, 2024Updated last year
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆511Aug 14, 2022Updated 3 years ago
• netero1010 / RDPHijack-BOF

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
  ☆313Jul 8, 2022Updated 3 years ago
• boku7 / injectAmsiBypass

  View on GitHub
  Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
  ☆382Mar 8, 2023Updated 3 years ago
• hackerhouse-opensource / iscsicpl_bypassUAC

  View on GitHub
  UAC bypass for x64 Windows 7 - 11
  ☆834Feb 2, 2026Updated last month
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 3 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,309Dec 7, 2023Updated 2 years ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆681Aug 15, 2025Updated 7 months ago
• Octoberfest7 / CVE-2023-36874_BOF

  View on GitHub
  Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
  ☆205Aug 25, 2023Updated 2 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• Octoberfest7 / JumpSession_BOF

  View on GitHub
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆83May 23, 2022Updated 3 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆534Aug 1, 2022Updated 3 years ago
• Octoberfest7 / Mutants_Sessions_Self-Deletion

  View on GitHub
  Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.
  ☆129Apr 24, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• t3hbb / citrixphishlet

  View on GitHub
  Citrix Phishlet
  ☆24Feb 2, 2021Updated 5 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆375May 24, 2022Updated 3 years ago
• eladshamir / RPC-Backdoor

  View on GitHub
  A basic emulation of an "RPC Backdoor"
  ☆242Aug 25, 2022Updated 3 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆483Jul 12, 2023Updated 2 years ago
• Kudaes / Elevator

  View on GitHub
  UAC bypass by abusing RPC and debug objects.
  ☆628Oct 19, 2023Updated 2 years ago
• Wh04m1001 / IDiagnosticProfileUAC

  View on GitHub
  ☆184Jul 2, 2022Updated 3 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆95Mar 8, 2023Updated 3 years ago
• Octoberfest7 / CS_Uploads_Tracker

  View on GitHub
  Aggressor script add-in for CobaltStrike to track file uploads
  ☆48Nov 7, 2022Updated 3 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆211Nov 12, 2025Updated 4 months ago
• Sh0ckFR / DLLirant

  View on GitHub
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆322Sep 23, 2022Updated 3 years ago
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆117Sep 30, 2024Updated last year
• tijme / amd-ryzen-master-driver-v17-exploit

  View on GitHub
  Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).
  ☆155Jan 21, 2023Updated 3 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆162Mar 1, 2024Updated 2 years ago
• yanghaoi / 360SecuritySandboxEscape

  View on GitHub
  Proofs-Of-360Security Sandbox Escape
  ☆10Mar 18, 2022Updated 4 years ago
• Wra7h / FlavorTown

  View on GitHub
  Various ways to execute shellcode
  ☆507Mar 13, 2024Updated 2 years ago
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆286Jun 8, 2023Updated 2 years ago
• mgeeky / PackMyPayload

  View on GitHub
  A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…
  ☆1,117Jun 10, 2024Updated last year
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆772Sep 4, 2024Updated last year
• enkomio / AlanFramework

  View on GitHub
  A C2 post-exploitation framework
  ☆486Jan 24, 2024Updated 2 years ago
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆969Jul 21, 2023Updated 2 years ago
• netero1010 / TrustedPath-UACBypass-BOF

  View on GitHub
  Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…
  ☆146Aug 16, 2021Updated 4 years ago
• sbasu7241 / HellsGate

  View on GitHub
  Rewrote HellsGate in C# for fun and learning
  ☆86Feb 10, 2022Updated 4 years ago
• icyguider / Shhhloader

  View on GitHub
  Syscall Shellcode Loader (Work in Progress)
  ☆1,259May 8, 2024Updated last year
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆473Jul 6, 2024Updated last year