A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆335Mar 6, 2025Updated last year
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆385Dec 13, 2024Updated last year
- ForsHops☆154Mar 25, 2025Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆197Feb 6, 2025Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆286Sep 18, 2024Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆260Sep 8, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Activation Context Hijack☆173May 4, 2026Updated 2 weeks ago
- Reaping treasures from strings in remote processes memory☆287Feb 8, 2025Updated last year
- Sleep obfuscation☆276Dec 13, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆269Apr 8, 2025Updated last year
- "Service-less" driver loading☆186Nov 28, 2024Updated last year
- Tool for viewing NTDS.dit☆200Mar 14, 2025Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆356Nov 19, 2024Updated last year
- ☆200Mar 28, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆192Jan 17, 2026Updated 4 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆127Sep 1, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆154Apr 18, 2025Updated last year
- ☆136Feb 11, 2025Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆130Jan 17, 2026Updated 4 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆380Apr 19, 2023Updated 3 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated 2 years ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆432Sep 29, 2025Updated 7 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆206Apr 21, 2025Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆412Jan 11, 2026Updated 4 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Weaponizing DCOM for NTLM Authentication Coercions☆275Jul 1, 2025Updated 10 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆238Feb 12, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆242Nov 7, 2024Updated last year
- COM ViewLogger — new malware keylogging technique☆407Jan 6, 2025Updated last year
- A BOF that runs unmanaged PEs inline☆700Oct 23, 2024Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆449Dec 21, 2023Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆627Jan 2, 2025Updated last year
- Fileless atexec, no more need for port 445☆407Mar 28, 2024Updated 2 years ago
- ☆159Dec 13, 2024Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Windows rootkit designed to work with BYOVD exploits☆221Jan 18, 2025Updated last year
- Reverse engineering winapi function loadlibrary.☆242Apr 17, 2023Updated 3 years ago
- BOF with Synthetic Stackframe☆247Oct 30, 2025Updated 6 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 8 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆286Apr 6, 2025Updated last year
- A PowerShell console in C/C++ with all the security features disabled☆386Oct 14, 2025Updated 7 months ago
- Stage 0☆169Dec 18, 2024Updated last year