A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases bypassing code integrity checks and loading malicious payloads in highly protected processes such as LSASS. Based on research from James Forshaw.
☆336 · Mar 6, 2025 · Updated last year
Alternatives and similar repositories for ComDotNetExploit
Users that are interested in ComDotNetExploit are comparing it to the libraries listed below.
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆384 · Dec 13, 2024 · Updated last year
- ForsHops ☆154 · Mar 25, 2025 · Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆196 · Feb 6, 2025 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆285 · Sep 18, 2024 · Updated last year
- A set of programs for analyzing common vulnerabilities in COM ☆261 · Sep 8, 2024 · Updated last year
- Activation Context Hijack ☆173 · May 4, 2026 · Updated last month
- Reaping treasures from strings in remote processes memory ☆288 · Feb 8, 2025 · Updated last year
- Sleep obfuscation ☆274 · Dec 13, 2024 · Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆270 · Apr 8, 2025 · Updated last year
- "Service-less" driver loading ☆187 · Nov 28, 2024 · Updated last year
- Tool for viewing NTDS.dit ☆203 · Mar 14, 2025 · Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions ☆357 · Nov 19, 2024 · Updated last year
- ☆201 · Mar 28, 2025 · Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆189 · Jan 17, 2026 · Updated 4 months ago
- ☆127 · Sep 1, 2024 · Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆154 · Apr 18, 2025 · Updated last year
- ☆136 · Feb 11, 2025 · Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow. ☆131 · Jan 17, 2026 · Updated 4 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆381 · Apr 19, 2023 · Updated 3 years ago
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆75 · May 1, 2024 · Updated 2 years ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC ☆434 · Sep 29, 2025 · Updated 8 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features ☆206 · Apr 21, 2025 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆411 · Jan 11, 2026 · Updated 4 months ago
- Weaponizing DCOM for NTLM Authentication Coercions ☆275 · Jul 1, 2025 · Updated 11 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆238 · Feb 12, 2025 · Updated last year
- early cascade injection PoC based on Outflank's blog post ☆239 · Nov 7, 2024 · Updated last year
- COM ViewLogger — new malware keylogging technique ☆406 · Jan 6, 2025 · Updated last year
- A BOF that runs unmanaged PEs inline ☆702 · Oct 23, 2024 · Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique. ☆449 · Dec 21, 2023 · Updated 2 years ago
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆628 · Jan 2, 2025 · Updated last year
- Fileless atexec, no more need for port 445 ☆410 · Mar 28, 2024 · Updated 2 years ago
- ☆159 · Dec 13, 2024 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆221 · Jan 18, 2025 · Updated last year
- Reverse engineering winapi function loadlibrary. ☆244 · Apr 17, 2023 · Updated 3 years ago
- BOF with Synthetic Stackframe ☆249 · Oct 30, 2025 · Updated 7 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆264 · Aug 31, 2025 · Updated 9 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆287 · Apr 6, 2025 · Updated last year
- A PowerShell console in C/C++ with all the security features disabled ☆390 · Oct 14, 2025 · Updated 7 months ago
- Stage 0 ☆169 · Dec 18, 2024 · Updated last year