VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆51 Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆85 Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆74 Updated 2 years ago
- ☆48 Updated 2 years ago
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆63 Updated 5 months ago
- PowerShell script to terminate protected processes such as anti-malware and EDRs. ☆26 Updated last year
- in-process powershell runner for BRC4 ☆45 Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#. ☆31 Updated last year
- Reasonably undetected shellcode stager and executer. ☆37 Updated last week
- Rewrite to fit my needs ☆28 Updated 10 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆82 Updated 7 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe ☆13 Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 Updated 8 months ago
- Lateral Movement via the .NET Profiler ☆82 Updated 6 months ago
- C# havoc implant ☆99 Updated 2 years ago
- Windows Thread Pool Injection Havoc Implementation ☆29 Updated last year
- A repository with my code snippets for research/education purposes. ☆50 Updated last year
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆19 Updated last year
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆54 Updated 2 years ago
- Simple .NET loader for loading and executing Powershell payloads ☆17 Updated 3 years ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆94 Updated last year
- Duplicate not owned Token from Running Process ☆72 Updated last year
- ☆59 Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆80 Updated last year
- ProcExp Driver (Ab)use ☆22 Updated 2 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection ☆56 Updated 3 years ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p… ☆49 Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆88 Updated 2 years ago
- Some of the presentations, workshops, and labs I gave at public conferences. ☆33 Updated 3 weeks ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆100 Updated 2 years ago
- malleable profile generator GUI for Havoc ☆55 Updated 2 years ago