T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research by James Forshaw.
☆303, updated 3 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- ☆190, updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … (☆261, updated 10 months ago)
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread (☆221, updated last month)
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… (☆265, updated 9 months ago)
- Generic PE loader for fast prototyping evasion techniques (☆233, updated 11 months ago)
- Bypass LSA protection using the BYODLL technique (☆164, updated 9 months ago)
- A set of programs for analyzing common vulnerabilities in COM (☆215, updated 9 months ago)
- For when DLLMain is the only way (☆381, updated 7 months ago)
- A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… (☆161, updated last year)
- .NET assembly loader with patchless AMSI and ETW bypass (☆334, updated 2 years ago)
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths (☆342, updated 10 months ago)
- Kernel callback removal (bypassing EDR detections) (☆177, updated 3 months ago)
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions (☆242, updated 2 months ago)
- Exploitation of process killer drivers (☆201, updated last year)
- Hide your P/Invoke signatures through other people's signed assemblies (☆211, updated last year)
- EDRSandblast-GodFault (☆266, updated last year)
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls (☆348, updated 4 months ago)
- Dump the memory of any PPL with a userland exploit chain (☆335, updated 2 years ago)
- ☆259, updated 2 years ago
- A Beacon Object File (BOF) template for Visual Studio (☆202, updated 3 months ago)
- Stack spoofing with synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven (☆229, updated 8 months ago)
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls (☆197, updated last year)
- Replace the .text section of the currently loaded modules from \KnownDlls\ to bypass EDRs (☆299, updated 2 years ago)
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a… (☆383, updated last year)
- A PoC implementation for dynamically masking call stacks with timers (☆277, updated 2 years ago)
- Zero-EAT-touch way to retrieve function addresses (GetProcAddress on steroids) (☆142, updated last year)
- Admin to kernel code execution using the KSecDD driver (☆251, updated last year)
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region (☆285, updated last year)
- ☆257, updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternatives to existing process injection techn… (☆173, updated last week)