T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆285 · Updated 2 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆253 · Updated 9 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆160 · Updated 11 months ago
- Exploitation of process killer drivers ☆200 · Updated last year
- Generic PE loader for fast prototyping evasion techniques ☆231 · Updated 10 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆213 · Updated 8 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆211 · Updated 3 weeks ago
- Sleep obfuscation ☆222 · Updated 4 months ago
- Bypass LSA protection using the BYODLL technique ☆158 · Updated 7 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆330 · Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆261 · Updated 7 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆333 · Updated 9 months ago
- EDRSandblast-GodFault ☆261 · Updated last year
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆188 · Updated last year
- (no description) ☆256 · Updated 2 years ago
- A Beacon Object File (BOF) template for Visual Studio ☆194 · Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆237 · Updated last month
- An example reference design for a proposed BOF PE ☆163 · Updated 3 weeks ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆338 · Updated 3 months ago
- Load a dynamic library from memory by modifying the native Windows loader ☆218 · Updated last week
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) ☆141 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆198 · Updated 3 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆147 · Updated 2 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆258 · Updated 10 months ago
- miscellaneous scripts and programs ☆242 · Updated 3 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆187 · Updated 5 months ago
- Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process, with that you can avoid remote m… ☆168 · Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections) ☆162 · Updated last month
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆219 · Updated 6 months ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution ☆177 · Updated last year
- Patch AMSI and ETW ☆239 · Updated last year