T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆295 Updated 3 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- Exploitation of process killer drivers ☆201 Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆216 Updated last week
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆161 Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass ☆331 Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆257 Updated 10 months ago
- Generic PE loader for fast prototyping evasion techniques ☆231 Updated 11 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆264 Updated 8 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆215 Updated 8 months ago
- Bypass LSA protection using the BYODLL technique ☆161 Updated 8 months ago
- Windows rootkit designed to work with BYOVD exploits ☆198 Updated 4 months ago
- ☆190 Updated last year
- EDRSandblast-GodFault ☆265 Updated last year
- For when DLLMain is the only way ☆377 Updated 7 months ago
- An example reference design for a proposed BOF PE ☆168 Updated last month
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆338 Updated 9 months ago
- A Beacon Object File (BOF) template for Visual Studio ☆197 Updated 2 months ago
- Exploitation of echo_driver.sys ☆170 Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆342 Updated 3 months ago
- Sleep obfuscation ☆224 Updated 5 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… ☆159 Updated 3 weeks ago
- ☆257 Updated last year
- Patch AMSI and ETW ☆239 Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆242 Updated last month
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆156 Updated 2 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆192 Updated last year
- An App Domain Manager Injection DLL PoC on steroids ☆172 Updated last year
- Block any Process to open HANDLE to your process, only SYSTEM is allowed to open handle to your process, with that you can avoid remote m… ☆168 Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections) ☆166 Updated 2 months ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆292 Updated last year
- DLL proxying for lazy people ☆159 Updated 6 months ago