VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
Depending on the AV/EPP/EDR, creating a Taskschedule Job with a default cradle is often flagged
☆88 · Jul 7, 2022 · Updated 3 years ago
Alternatives and similar repositories for Taskschedule-Persistence-Download-Cradles
Users that are interested in Taskschedule-Persistence-Download-Cradles are comparing it to the libraries listed below
- These are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR … ☆256 · Jul 7, 2022 · Updated 3 years ago
- This POC provides the possibility to execute x86 shellcode in form of a .bin file based on x86 inline assembly ☆20 · Apr 17, 2023 · Updated 2 years ago
- C# Utilities for Windows Notification Facility ☆159 · Apr 14, 2025 · Updated 10 months ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads ☆386 · Apr 16, 2022 · Updated 3 years ago
- Overwrite a process's recovery callback and execute with WER ☆103 · Apr 17, 2022 · Updated 3 years ago
- This POC gives you the possibility to compile a .exe to completely avoid static detection by AV/EPP/EDR of your C2-shellcode and down… ☆256 · May 25, 2023 · Updated 2 years ago
- ☆209 · Feb 24, 2022 · Updated 3 years ago
- Process Ghosting in C# ☆219 · Jan 24, 2022 · Updated 4 years ago
- WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement ☆369 · Dec 24, 2021 · Updated 4 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version. ☆117 · Dec 26, 2021 · Updated 4 years ago
- Various ways to execute shellcode ☆508 · Mar 13, 2024 · Updated last year
- ☆413 · Dec 14, 2023 · Updated 2 years ago
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting ☆363 · Dec 19, 2022 · Updated 3 years ago
- It stinks ☆105 · Apr 22, 2022 · Updated 3 years ago
- ☆225 · Oct 22, 2023 · Updated 2 years ago
- How to spoof the command line when spawning a new process from C#. ☆110 · Dec 28, 2021 · Updated 4 years ago
- Hookers are cooler than patches. ☆170 · Jan 21, 2022 · Updated 4 years ago
- A simple packer working with all PE files which cipher your exe with a XOR implementation ☆15 · Aug 10, 2020 · Updated 5 years ago
- ☆23 · Mar 9, 2022 · Updated 3 years ago
- Identify the attack paths in BloodHound breaking your AD tiering ☆326 · Nov 6, 2022 · Updated 3 years ago
- Detect strange memory regions and DLLs ☆185 · Jan 20, 2022 · Updated 4 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. ☆101 · Mar 27, 2022 · Updated 3 years ago
- Bypassing AV, EDR, Application Whitelisting and ASR Rules ☆13 · Apr 18, 2023 · Updated 2 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection. ☆10 · Dec 16, 2021 · Updated 4 years ago
- Some of my custom "tools". ☆28 · Feb 21, 2022 · Updated 3 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique ☆338 · Jan 16, 2022 · Updated 4 years ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR. ☆125 · Apr 9, 2022 · Updated 3 years ago
- ☆778 · Oct 17, 2023 · Updated 2 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 · Jan 6, 2023 · Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading ☆84 · Nov 21, 2022 · Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, … ☆502 · Jan 25, 2022 · Updated 4 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by … ☆747 · Aug 18, 2023 · Updated 2 years ago
- Execute embedded Mimikatz ☆13 · Nov 24, 2021 · Updated 4 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! ☆336 · Jul 20, 2024 · Updated last year
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b… ☆469 · Mar 8, 2023 · Updated 2 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ ☆31 · Feb 26, 2024 · Updated last year
- Situational Awareness commands implemented using Beacon Object Files ☆1,709 · Jan 5, 2026 · Updated last month
- Nim-based assembly packer and shellcode loader for opsec & profit ☆488 · Feb 24, 2023 · Updated 2 years ago
- Another No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). ☆417 · Jan 27, 2024 · Updated 2 years ago