T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆265 Updated 3 weeks ago
Alternatives and similar repositories for ComDotNetExploit:
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below
- Exploitation of process killer drivers ☆198 Updated last year
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆158 Updated 9 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆243 Updated 7 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆200 Updated 6 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆319 Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆257 Updated 6 months ago
- ☆183 Updated 9 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆324 Updated 7 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 Updated last month
- Bypass LSA protection using the BYODLL technique ☆155 Updated 6 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆348 Updated 3 months ago
- Generic PE loader for fast prototyping evasion techniques ☆229 Updated 8 months ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) ☆141 Updated last year
- EDRSandblast-GodFault ☆257 Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆170 Updated 2 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆232 Updated 3 months ago
- ☆254 Updated 2 years ago
- Sleep obfuscation ☆210 Updated 3 months ago
- Remote Shellcode Injector ☆212 Updated last year
- A PoC implementation for dynamically masking call stacks with timers. ☆270 Updated 2 years ago
- Hide your P/Invoke signatures through other people's signed assemblies ☆204 Updated last year
- Admin to Kernel code execution using the KSecDD driver ☆244 Updated 11 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆141 Updated 2 weeks ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆184 Updated 4 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆256 Updated 9 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆180 Updated last year
- Exploitation of echo_driver.sys ☆169 Updated last year
- Collect Windows telemetry for Maldev ☆318 Updated last month
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆208 Updated 4 months ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆292 Updated last year