This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆55May 8, 2023Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
Sorting:
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆31Jan 14, 2023Updated 3 years ago
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆82May 23, 2023Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆21Jul 9, 2022Updated 3 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- ☆48Feb 11, 2023Updated 3 years ago
- Kernel Mode Driver for Elevating Process Privileges☆132Mar 23, 2023Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆307Aug 2, 2023Updated 2 years ago
- NimSkrull is an adaption from the original Skrull malware anti-copy DRM. Only for the anti-copy feature. (https://github.com/aaaddress1/S…☆13May 20, 2023Updated 2 years ago
- ☆20Jul 23, 2023Updated 2 years ago
- Exploring different process injection techniques based on malware analysis☆14Dec 28, 2023Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- My personal shellcode loader☆32Mar 9, 2023Updated 3 years ago
- Firefox webInjector capable of injecting codes into webpages using a mitmproxy.☆42Oct 30, 2022Updated 3 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- ☆143Jun 21, 2023Updated 2 years ago
- all random stuff that dont warrant a seperate repo☆12Sep 2, 2022Updated 3 years ago
- An attempt at reversing WindowsDefender☆20Oct 6, 2024Updated last year
- Remote Administration Tool, Server Written in C# and Client Written in C++☆15Dec 8, 2022Updated 3 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆141Feb 27, 2023Updated 3 years ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆322Aug 2, 2023Updated 2 years ago
- ☆37Feb 11, 2023Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆92Mar 23, 2023Updated 2 years ago
- Classic DLL injection. Download dll from url and inject. Simple C++ implementation☆10Apr 16, 2022Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- Native Syscalls Shellcode Injector☆267Jul 2, 2023Updated 2 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆263Apr 29, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 4 months ago
- Exploits written while preparing for the OSED exam☆25Apr 30, 2024Updated last year
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆173Apr 27, 2023Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆262Jun 29, 2024Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆72Feb 11, 2024Updated 2 years ago
- Interactive program for loading AES encrypted shellcode with Dynamic Invocation, and interactive .NET assemblies in memory.☆13Mar 16, 2022Updated 4 years ago