arntsonl / calc_security_poc
A sample of proof of concept scripts that run Calc.exe with full source code.
☆95Updated 6 months ago
Alternatives and similar repositories for calc_security_poc:
Users that are interested in calc_security_poc are comparing it to the libraries listed below
- Presentation material presented by Outflank team members at public events.☆185Updated 3 months ago
- Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.☆203Updated 7 years ago
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆111Updated 5 years ago
- ☆162Updated 2 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se…☆167Updated 4 years ago
- Evading WinDefender ATP credential-theft☆254Updated 5 years ago
- Code Exec via Excel☆86Updated 7 years ago
- A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4M…☆90Updated 5 years ago
- An Insider Threat Toolkit☆149Updated 6 years ago
- lateral movement techniques that can be used during red team exercises☆270Updated 5 years ago
- Constrained Language Mode + AMSI bypass all in one☆156Updated 5 years ago
- Scripts for performing and detecting parent PID spoofing☆144Updated 4 years ago
- Neutering Sysmon via driver unload☆226Updated 2 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆215Updated 5 years ago
- Lateral Movement technique using DCOM and HTA☆231Updated 2 years ago
- (kinda) Malicious Outlook Reader☆134Updated 4 years ago
- Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)☆142Updated 7 years ago
- Collection of awesome Cobalt Strike Aggressor Scripts. All credit due to the authors☆152Updated 6 years ago
- Powershell module to get the NetNTLMv2 hash of the current user☆93Updated 2 years ago
- Run Rubeus via Rundll32☆199Updated 4 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆122Updated 3 years ago
- A HTA shell to assist with breakout assessments.☆112Updated 3 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆244Updated 4 years ago
- A Powershell implementation of PrivExchange designed to run under the current user's context☆124Updated 6 years ago
- 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.☆128Updated 2 years ago
- Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library.☆146Updated 4 years ago
- DLL Password Filter Implant with Exfiltration Capabilities☆136Updated 5 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET☆145Updated 5 years ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects☆248Updated 4 years ago
- ☆127Updated 3 years ago