boku7 / Nobelium-PdfDLRunAesShellcodeLinks
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
☆101Updated 2 years ago
Alternatives and similar repositories for Nobelium-PdfDLRunAesShellcode
Users that are interested in Nobelium-PdfDLRunAesShellcode are comparing it to the libraries listed below
Sorting:
- Weaponising C# - Fundamentals Training Content☆70Updated 4 years ago
- ☆48Updated 5 years ago
- OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.☆91Updated 3 years ago
- ☆26Updated 4 years ago
- UI for creating LNKs☆104Updated 4 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- A fake AMSI Provider which can be used for persistence.☆151Updated 4 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆67Updated last year
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆120Updated 3 years ago
- ☆55Updated 3 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆124Updated 4 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Updated 4 years ago
- Tradecraft Development Fundamentals☆40Updated 3 years ago
- Remove API hooks from a Beacon process.☆57Updated 3 years ago
- D/Invoke port of UrbanBishop☆107Updated 4 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆168Updated 4 years ago
- ☆59Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- MiniDumpWriteDump behavior modification hook☆50Updated 4 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Updated 2 years ago
- WNF Code Execution Library Using C#☆111Updated 5 years ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆121Updated 3 years ago
- Evasive Process Hollowing Techniques☆141Updated 4 years ago
- Generate droppers with encrypted payloads automatically.☆54Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆154Updated 3 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 3 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆96Updated 3 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago