T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆ 332, updated 11 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread (☆ 262, updated 5 months ago)
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality. (☆ 294, updated 3 months ago)
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls (☆ 223, updated 2 years ago)
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … (☆ 297, updated last year)
- Exploitation of process killer drivers (☆ 201, updated 2 years ago)
- (no description) (☆ 274, updated 3 years ago)
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven (☆ 252, updated last year)
- (no description) (☆ 199, updated last year)
- An easily modifiable shellcode template for Windows x64 written in C (☆ 277, updated 2 years ago)
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. (☆ 408, updated 3 weeks ago)
- UAC Bypass using UIAccess program QuickAssist (☆ 206, updated 2 months ago)
- .NET assembly loader with patchless AMSI and ETW bypass (☆ 364, updated 2 years ago)
- Generic PE loader for fast prototyping evasion techniques (☆ 243, updated last year)
- Sleep obfuscation (☆ 264, updated last year)
- For when DLLMain is the only way (☆ 423, updated last year)
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… (☆ 196, updated 7 months ago)
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… (☆ 167, updated last year)
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths (☆ 357, updated last year)
- kernel callback removal (Bypassing EDR Detections) (☆ 210, updated 2 months ago)
- EDRSandblast-GodFault (☆ 271, updated 2 years ago)
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. (☆ 288, updated last year)
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques (☆ 203, updated 5 months ago)
- A set of programs for analyzing common vulnerabilities in COM (☆ 245, updated last year)
- Windows rootkit designed to work with BYOVD exploits (☆ 214, updated last year)
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… (☆ 280, updated last year)
- Bypass LSA protection using the BYODLL technique (☆ 170, updated last year)
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… (☆ 465, updated 2 years ago)
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) (☆ 144, updated last year)
- Load a dynamic library from memory by modifying the native Windows loader (☆ 281, updated 7 months ago)
- Injecting DLL into LSASS at boot (☆ 156, updated 9 months ago)