T3nb3w / ComDotNetExploit
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆ 311 · Updated 5 months ago
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the repositories listed below.
- Exploitation of process killer drivers · ☆ 202 · Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread · ☆ 228 · Updated 2 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … · ☆ 273 · Updated last year
- (no description) · ☆ 193 · Updated last year
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. · ☆ 168 · Updated 4 months ago
- EDRSandblast-GodFault · ☆ 266 · Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths · ☆ 349 · Updated 11 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven · ☆ 234 · Updated 9 months ago
- Generic PE loader for fast prototyping evasion techniques · ☆ 232 · Updated last year
- A set of programs for analyzing common vulnerabilities in COM · ☆ 223 · Updated 10 months ago
- (no description) · ☆ 260 · Updated 2 years ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls · ☆ 200 · Updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… · ☆ 187 · Updated last month
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. · ☆ 350 · Updated 5 months ago
- For when DLLMain is the only way · ☆ 389 · Updated 9 months ago
- An easily modifiable shellcode template for Windows x64 written in C · ☆ 257 · Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits · ☆ 204 · Updated 6 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… · ☆ 162 · Updated last year
- Injecting DLL into LSASS at boot · ☆ 132 · Updated 3 months ago
- Sleep obfuscation · ☆ 230 · Updated 7 months ago
- An example reference design for a proposed BOF PE · ☆ 180 · Updated 3 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions · ☆ 248 · Updated 3 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… · ☆ 269 · Updated 10 months ago
- kernel callback removal (Bypassing EDR Detections) · ☆ 184 · Updated 4 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … · ☆ 252 · Updated 2 years ago
- Bypass LSA protection using the BYODLL technique · ☆ 167 · Updated 10 months ago
- .NET assembly loader with patchless AMSI and ETW bypass · ☆ 345 · Updated 2 years ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) · ☆ 143 · Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies · ☆ 211 · Updated last year
- (no description) · ☆ 260 · Updated last year