VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆54 Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 Updated 2 years ago
- ☆59 Updated last year
- A variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆64 Updated 8 months ago
- Just another ntdll unhooking using Perun's Fart technique ☆75 Updated 2 years ago
- A care package of useful BOFs for red team engagements ☆55 Updated 9 months ago
- ☆48 Updated 2 years ago
- In-process PowerShell runner for BRC4 ☆47 Updated last year
- Malleable profile generator GUI for Havoc ☆55 Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆89 Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆87 Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆83 Updated 10 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆75 Updated 2 years ago
- A repository with my code snippets for research/education purposes. ☆51 Updated 2 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\, that contains the implant's path, and whenever powershell pro… ☆85 Updated 2 years ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆31 Updated last year
- EvtPsst ☆55 Updated last year
- C# Havoc implant ☆101 Updated 2 years ago
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆84 Updated last year
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆72 Updated 5 months ago
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆55 Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 Updated last year
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆65 Updated last year
- Identify and exploit leaked handles for local privilege escalation. ☆110 Updated 2 years ago
- Duplicate not owned Token from Running Process ☆72 Updated 2 years ago
- Lateral Movement via the .NET Profiler ☆82 Updated 9 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆98 Updated last year
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆39 Updated 3 years ago
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆39 Updated 9 months ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys ☆135 Updated last year