VirtualAlllocEx / DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
☆55 Updated 2 years ago
Alternatives and similar repositories for DSC_SVC_REMOTE
Users that are interested in DSC_SVC_REMOTE are comparing it to the libraries listed below
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆64 Updated 11 months ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 Updated 2 years ago
- ☆60 Updated last year
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 Updated 3 years ago
- A care package of useful bofs for red team engagements ☆55 Updated 11 months ago
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆84 Updated 7 months ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆88 Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆90 Updated 3 years ago
- ☆49 Updated 2 years ago
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆38 Updated 11 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆83 Updated last year
- malleable profile generator GUI for Havoc ☆55 Updated 2 years ago
- Just another ntdll unhooking using Perun's Fart technique ☆75 Updated 2 years ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆27 Updated last year
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\, that contains the implant's path, and whenever powershell pro… ☆86 Updated 2 years ago
- in-process powershell runner for BRC4 ☆48 Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆23 Updated 2 years ago
- EvtPsst ☆55 Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆76 Updated 2 years ago
- Example of using Sleep to create better named pipes. ☆41 Updated 2 years ago
- Lateral Movement via the .NET Profiler ☆84 Updated last year
- C# havoc implant ☆101 Updated 2 years ago
- ☆47 Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation. ☆111 Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆102 Updated 2 years ago
- ☆79 Updated 2 years ago
- Do some DLL SideLoading magic ☆89 Updated 2 years ago
- ☆109 Updated 9 months ago
- Click Once + App Domain ☆64 Updated last year
- miscellaneous codes ☆36 Updated 2 years ago