T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆330 Updated 9 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality. ☆285 Updated last month
- Exploitation of process killer drivers ☆201 Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆291 Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆257 Updated 3 months ago
- For when DLLMain is the only way ☆414 Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆251 Updated last year
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆219 Updated last year
- Generic PE loader for fast prototyping evasion techniques ☆242 Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆357 Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆362 Updated 10 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆244 Updated last year
- UAC Bypass using UIAccess program QuickAssist ☆203 Updated 3 weeks ago
- Proof-of-concept code for Bring Your Own Vulnerable Driver techniques ☆199 Updated 4 months ago
- Injecting DLL into LSASS at boot ☆155 Updated 7 months ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆288 Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass ☆362 Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections) ☆206 Updated last month
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆166 Updated last year
- Sleep obfuscation ☆255 Updated last year
- An easily modifiable shellcode template for Windows x64 written in C ☆273 Updated 2 years ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… ☆192 Updated 6 months ago
- EDRSandblast-GodFault ☆270 Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits ☆211 Updated 11 months ago
- Remote Shellcode Injector ☆220 Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆294 Updated 2 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆259 Updated 2 years ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan … ☆189 Updated 2 weeks ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆202 Updated last year