alexlee820 / PatchedCLRLoaderLinks
.NET assembly loader with patching AMSI and ETW bypass
☆31Updated 9 months ago
Alternatives and similar repositories for PatchedCLRLoader
Users that are interested in PatchedCLRLoader are comparing it to the libraries listed below
Sorting:
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆113Updated last month
- Impersonate Tokens using only NTAPI functions☆83Updated 10 months ago
- Local SYSTEM auth trigger for relaying☆168Updated 6 months ago
- Lateral Movement Bof with MSI ODBC Driver Install☆144Updated 4 months ago
- adws enumeration bof☆161Updated 4 months ago
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆166Updated last month
- Lateral movement with DCOM DLL hijacking☆176Updated 7 months ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆122Updated 3 weeks ago
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆146Updated 6 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆88Updated 11 months ago
- ☆54Updated 3 months ago
- Evasive Payload Delivery Server & C2 Redirector☆112Updated 3 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆64Updated last year
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆63Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Updated last month
- Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering.☆148Updated 2 months ago
- .NET assembly loader with patchless AMSI and ETW bypass in Rust☆58Updated last year
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…☆169Updated 5 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆222Updated 3 months ago
- a C# implementation for a shellcode loader that capable to bypass Cortex XDR and Sophos EDR.☆91Updated 8 months ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Updated last year
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.☆205Updated last month
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆128Updated last year
- ☆123Updated last year
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…☆51Updated 8 months ago
- A C# utility for interacting with SCOM☆95Updated 2 months ago
- Just another EDR killer☆94Updated 3 weeks ago
- A small How-To on creating your own weaponized WSL file☆119Updated 6 months ago
- Agent for AdaptixC2 with focus in evasion, capability and malleable.☆140Updated last week
- Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.☆233Updated this week