A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆334 Mar 6, 2025 Updated 11 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆381 Dec 13, 2024 Updated last year
- ForsHops ☆152 Mar 25, 2025 Updated 11 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆246 Sep 8, 2024 Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 Feb 6, 2025 Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆281 Sep 18, 2024 Updated last year
- Reaping treasures from strings in remote processes memory ☆285 Feb 8, 2025 Updated last year
- Sleep obfuscation ☆268 Dec 13, 2024 Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆266 Apr 8, 2025 Updated 10 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions ☆346 Nov 19, 2024 Updated last year
- Activation Context Hijack ☆169 Aug 3, 2025 Updated 6 months ago
- Tool for viewing NTDS.dit ☆192 Mar 14, 2025 Updated 11 months ago
- "Service-less" driver loading ☆184 Nov 28, 2024 Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆136 Apr 18, 2025 Updated 10 months ago
- ☆198 Mar 28, 2025 Updated 11 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆368 Apr 19, 2023 Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits ☆216 Jan 18, 2025 Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆185 Jan 17, 2026 Updated last month
- A PowerShell console in C/C++ with all the security features disabled ☆354 Oct 14, 2025 Updated 4 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC ☆423 Sep 29, 2025 Updated 4 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆409 Jan 11, 2026 Updated last month
- ☆126 Sep 1, 2024 Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆75 May 1, 2024 Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆232 Feb 12, 2025 Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆263 Aug 31, 2025 Updated 6 months ago
- COM ViewLogger — new malware keylogging technique ☆404 Jan 6, 2025 Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow. ☆123 Jan 17, 2026 Updated last month
- ☆137 Feb 11, 2025 Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆281 Apr 6, 2025 Updated 10 months ago
- BOF with Synthetic Stackframe ☆225 Oct 30, 2025 Updated 3 months ago
- Reverse engineering winapi function loadlibrary. ☆233 Apr 17, 2023 Updated 2 years ago
- Abusing Azure services over C2 ☆368 Jan 20, 2026 Updated last month
- A beacon object file implementation of PoolParty Process Injection Technique. ☆433 Dec 21, 2023 Updated 2 years ago
- Fileless atexec, no more need for port 445 ☆404 Mar 28, 2024 Updated last year
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features ☆200 Apr 21, 2025 Updated 10 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆614 Jan 2, 2025 Updated last year
- A BOF that runs unmanaged PEs inline ☆680 Oct 23, 2024 Updated last year
- Generic PE loader for fast prototyping evasion techniques ☆244 Jul 2, 2024 Updated last year
- Process injection alternative ☆406 Sep 6, 2024 Updated last year
- FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi… ☆400 Sep 26, 2024 Updated last year