VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆51 Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆85 Updated 2 years ago
- ☆48 Updated 2 years ago
- ☆59 Updated last year
- PowerShell script to terminate protected processes such as anti-malware and EDRs. ☆27 Updated 2 years ago
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆63 Updated 6 months ago
- in-process powershell runner for BRC4 ☆45 Updated last year
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆54 Updated 2 years ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 Updated 9 months ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader ☆42 Updated 9 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆82 Updated 8 months ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆85 Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆75 Updated 2 years ago
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆20 Updated last year
- ☆55 Updated 8 months ago
- ☆48 Updated 2 years ago
- A care package of useful bofs for red team engagements ☆55 Updated 7 months ago
- Lateral Movement via the .NET Profiler ☆82 Updated 7 months ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆96 Updated last year
- DLL Exports Extraction BOF with optional NTFS transactions. ☆82 Updated 3 years ago
- A repository with my code snippets for research/education purposes. ☆50 Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆39 Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level ☆26 Updated 2 years ago
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆38 Updated 7 months ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆31 Updated last year
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p… ☆49 Updated 3 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆39 Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆89 Updated 2 years ago
- C# Data Collector for BloodHound with CobaltStrike integration (BOF.NET) ☆56 Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 Updated 11 months ago
- .NET port of Leron Gray's azbelt tool. ☆26 Updated last year