AMSI detection PoC
☆31Apr 14, 2020Updated 5 years ago
Alternatives and similar repositories for AMSIDetection
Users that are interested in AMSIDetection are comparing it to the libraries listed below
Sorting:
- Identify common attack paths to get Domain Administrator☆21Aug 20, 2019Updated 6 years ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations☆12Dec 9, 2022Updated 3 years ago
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- A spin-off research project. Cobalt Strike x Notion collab 2022☆53Apr 8, 2022Updated 3 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- basic proxy as an azure function serverless app☆17Jan 12, 2023Updated 3 years ago
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)☆25Mar 7, 2023Updated 3 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆41Dec 31, 2020Updated 5 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- An example of how a driver can register a handle creation callback.�☆16Jun 12, 2023Updated 2 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆94Jun 20, 2022Updated 3 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.☆85May 7, 2023Updated 2 years ago
- ☆82Feb 12, 2022Updated 4 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆34Sep 15, 2022Updated 3 years ago
- C# tool to discover low hanging fruits☆94Dec 15, 2022Updated 3 years ago
- Inject .NET assemblies into an existing process☆507Jan 19, 2022Updated 4 years ago
- Hijack Printconfig.dll to execute shellcode☆101Jan 15, 2021Updated 5 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- A PoC project for embedding shellcode to Hint/Name Table☆114May 16, 2022Updated 3 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆109Oct 10, 2021Updated 4 years ago
- URL-encode data streams via commandline☆14Oct 26, 2019Updated 6 years ago
- Universal Unhooking☆326Sep 19, 2018Updated 7 years ago
- ☆30Nov 7, 2022Updated 3 years ago
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs☆186Oct 3, 2021Updated 4 years ago
- ☆48Nov 18, 2020Updated 5 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- POC about how to prevent windbg break☆15Oct 3, 2022Updated 3 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- Execute PowerShell code at the antimalware-light protection level.☆142Dec 13, 2022Updated 3 years ago
- A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependant assemblies.☆105Sep 4, 2024Updated last year
- Start new PowerShell without etw and amsi in pure nim☆157Feb 14, 2022Updated 4 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- IOXIDResolver from AirBus Security/PingCastle☆51Nov 25, 2020Updated 5 years ago
- ☆185Jan 5, 2021Updated 5 years ago