VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆55 Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
- ☆61 Updated 2 years ago
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆64 Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆88 Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆91 Updated 3 years ago
- Just another ntdll unhooking using Parun's Fart technique ☆76 Updated 2 years ago
- A care package of useful bofs for red team engagements ☆55 Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆28 Updated last year
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆22 Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆85 Updated 8 months ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆33 Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆85 Updated last year
- C# havoc implant ☆101 Updated 2 years ago
- EvtPsst ☆55 Updated 2 years ago
- Lateral Movement via the .NET Profiler ☆84 Updated last year
- ☆49 Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆148 Updated 2 years ago
- Python module for running BOFs ☆79 Updated last month
- malleable profile generator GUI for Havoc ☆55 Updated 2 years ago
- ☆47 Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" ☆31 Updated 2 years ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL ☆23 Updated 3 years ago
- in-process powershell runner for BRC4 ☆48 Updated 2 years ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader ☆45 Updated last year
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆39 Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆77 Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆41 Updated 2 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally … ☆91 Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆102 Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 Updated 3 years ago