VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆50 Updated last year
Related projects:
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆60 Updated last year
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆55 Updated 5 months ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆79 Updated last year
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats. ☆41 Updated last year
- A repository with my code snippets for research/education purposes. ☆51 Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆39 Updated 2 months ago
- Duplicate not owned Token from Running Process ☆72 Updated last year
- Rewrite to fit my needs ☆25 Updated last month
- PhantomsGate: Advanced Shellcode Injection Technique ☆20 Updated 2 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe ☆13 Updated 9 months ago
- Lateral Movement via the .NET Profiler ☆74 Updated 3 months ago
- A pure C version of SymProcAddress ☆23 Updated 6 months ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire… ☆32 Updated 3 months ago
- in-process powershell runner for BRC4 ☆35 Updated 10 months ago
- malleable profile generator GUI for Havoc ☆53 Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆20 Updated this week
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆56 Updated 11 months ago
- C# havoc implant ☆90 Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level ☆25 Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆50 Updated last year
- Items related to the RedELK workshop given at security conferences ☆25 Updated 11 months ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆37 Updated 2 years ago
- DFSCoerce exe revisited version with custom authentication ☆34 Updated 8 months ago