This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type coercion
☆52May 16, 2025Updated 9 months ago
Alternatives and similar repositories for Living-off-the-COM-Type-Coercion-Abuse
Users that are interested in Living-off-the-COM-Type-Coercion-Abuse are comparing it to the libraries listed below
Sorting:
- ☆53Jul 8, 2025Updated 8 months ago
- Utilizng an MCP Server to communicate with your C2☆86May 15, 2025Updated 9 months ago
- Thats it! An Open-Source Windows UEFI Rootkit☆28Jul 19, 2025Updated 7 months ago
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph☆24Aug 2, 2025Updated 7 months ago
- ☆82Apr 28, 2025Updated 10 months ago
- ☆54Mar 26, 2025Updated 11 months ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 7 months ago
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"☆22Oct 12, 2025Updated 4 months ago
- ☆39Nov 25, 2025Updated 3 months ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆51May 5, 2025Updated 10 months ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- ☆18Feb 29, 2024Updated 2 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 10 months ago
- Prevent in-process process termination by patching exit APIs☆63Nov 9, 2025Updated 4 months ago
- Rust implementation, creating a scheduled task programmatically with user logon trigger.☆47Jun 10, 2025Updated 8 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 8 months ago
- ☆50Jul 9, 2025Updated 8 months ago
- Chrome browser extension-based Command & Control☆239Jul 2, 2025Updated 8 months ago
- Evasive Payload Delivery Server & C2 Redirector☆112Nov 3, 2025Updated 4 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…☆59Oct 10, 2025Updated 4 months ago
- A set of programs for analyzing common vulnerabilities in COM☆249Sep 8, 2024Updated last year
- ☆51May 4, 2025Updated 10 months ago
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 3 months ago
- Toolset to manipulate RPC clients by finding delayed services and masquerading as them☆108Aug 18, 2025Updated 6 months ago
- Lateral movement with DCOM DLL hijacking☆176Jul 4, 2025Updated 8 months ago
- A lexer and parser for Sleep☆20Feb 20, 2026Updated 2 weeks ago
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆199Jun 17, 2025Updated 8 months ago
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 5 months ago
- ☆160Jan 27, 2025Updated last year
- A simple Linux in-memory .so loader☆33Mar 29, 2023Updated 2 years ago
- ACL Viewer for Windows☆133May 4, 2025Updated 10 months ago
- Putting a leash on naughty AWS permissions☆135Sep 5, 2025Updated 6 months ago
- Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#…☆341Feb 2, 2026Updated last month
- Code execution/injection technique using DLL PEB module structure manipulation☆221Jun 4, 2025Updated 9 months ago