A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆335Mar 6, 2025Updated last year
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆383Dec 13, 2024Updated last year
- ForsHops☆153Mar 25, 2025Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆282Sep 18, 2024Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆250Sep 8, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Activation Context Hijack☆172Aug 3, 2025Updated 8 months ago
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Sleep obfuscation☆272Dec 13, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆348Nov 19, 2024Updated last year
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Tool for viewing NTDS.dit☆198Mar 14, 2025Updated last year
- ☆200Mar 28, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ☆127Sep 1, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆151Apr 18, 2025Updated 11 months ago
- ☆136Feb 11, 2025Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆128Jan 17, 2026Updated 2 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆375Apr 19, 2023Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆425Sep 29, 2025Updated 6 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆204Apr 21, 2025Updated 11 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆413Jan 11, 2026Updated 2 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Weaponizing DCOM for NTLM Authentication Coercions☆274Jul 1, 2025Updated 9 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆233Feb 12, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆241Nov 7, 2024Updated last year
- A BOF that runs unmanaged PEs inline☆689Oct 23, 2024Updated last year
- COM ViewLogger — new malware keylogging technique☆408Jan 6, 2025Updated last year
- Fileless atexec, no more need for port 445☆406Mar 28, 2024Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆622Jan 2, 2025Updated last year
- BOF with Synthetic Stackframe☆239Oct 30, 2025Updated 5 months ago
- ☆159Dec 13, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Windows rootkit designed to work with BYOVD exploits☆218Jan 18, 2025Updated last year
- Reverse engineering winapi function loadlibrary.☆240Apr 17, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆442Dec 21, 2023Updated 2 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 7 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆284Apr 6, 2025Updated last year
- A PowerShell console in C/C++ with all the security features disabled☆380Oct 14, 2025Updated 5 months ago
- Stage 0☆168Dec 18, 2024Updated last year