A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆335Mar 6, 2025Updated last year
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
Sorting:
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆249Sep 8, 2024Updated last year
- Activation Context Hijack☆172Aug 3, 2025Updated 7 months ago
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated 11 months ago
- Sleep obfuscation☆270Dec 13, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Tool for viewing NTDS.dit☆196Mar 14, 2025Updated last year
- ☆198Mar 28, 2025Updated 11 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- ☆126Sep 1, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆150Apr 18, 2025Updated 11 months ago
- ☆136Feb 11, 2025Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated 2 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆424Sep 29, 2025Updated 5 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆200Apr 21, 2025Updated 10 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆412Jan 11, 2026Updated 2 months ago
- Weaponizing DCOM for NTLM Authentication Coercions☆274Jul 1, 2025Updated 8 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆239Nov 7, 2024Updated last year
- COM ViewLogger — new malware keylogging technique☆407Jan 6, 2025Updated last year
- A BOF that runs unmanaged PEs inline☆683Oct 23, 2024Updated last year
- Fileless atexec, no more need for port 445☆406Mar 28, 2024Updated last year
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆618Jan 2, 2025Updated last year
- ☆108Aug 21, 2024Updated last year
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago
- ☆159Dec 13, 2024Updated last year
- A PowerShell console in C/C++ with all the security features disabled☆369Oct 14, 2025Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits☆217Jan 18, 2025Updated last year
- Reverse engineering winapi function loadlibrary.☆238Apr 17, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆436Dec 21, 2023Updated 2 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 6 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆283Apr 6, 2025Updated 11 months ago