Sh0ckFR / Lockbit3.0-MpClient-Defender-PoCLinks
Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
☆178Updated 3 years ago
Alternatives and similar repositories for Lockbit3.0-MpClient-Defender-PoC
Users that are interested in Lockbit3.0-MpClient-Defender-PoC are comparing it to the libraries listed below
Sorting:
- Execute shellcode from a remote-hosted bin file using Winhttp.☆237Updated 2 years ago
- A basic emulation of an "RPC Backdoor"☆243Updated 3 years ago
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.☆311Updated 3 years ago
- WIP shellcode loader in nim with EDR evasion techniques☆220Updated 3 years ago
- ☆160Updated 2 years ago
- Bypass Detection By Randomising ROR13 API Hashes☆144Updated 3 years ago
- ☆133Updated 3 years ago
- Credential Guard Bypass Via Patching Wdigest Memory☆330Updated 2 years ago
- A C2 framework for initial access in Go☆196Updated 3 years ago
- A BOF to automate common persistence tasks for red teamers☆290Updated 2 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆300Updated 3 years ago
- Terminate AV/EDR Processes using kernel driver☆347Updated 2 years ago
- ☆245Updated 2 years ago
- Dumping LSASS with a duplicated handle from custom LSA plugin☆202Updated 3 years ago
- ☆242Updated 2 years ago
- A BOF to determine Windows Defender exclusions.☆250Updated 2 years ago
- COM Hijacking VOODOO☆317Updated 7 months ago
- Weaponized HellsGate/SigFlip☆203Updated 2 years ago
- Github as C2 Demonstration , free API = free C2 Infrastructure☆142Updated 2 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆215Updated 3 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆241Updated 2 years ago
- ☆233Updated 2 years ago
- Windows LPE☆132Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆194Updated 2 years ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Updated 2 years ago
- Beacon Object File PoC implementation of KillDefender☆236Updated 3 years ago
- Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)☆254Updated 3 years ago
- Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.☆149Updated 3 years ago
- Execute shellcode files with rundll32☆207Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆177Updated 2 years ago