boku7 / Nobelium-PdfDLRunAesShellcodeLinks
A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
☆101Updated 2 years ago
Alternatives and similar repositories for Nobelium-PdfDLRunAesShellcode
Users that are interested in Nobelium-PdfDLRunAesShellcode are comparing it to the libraries listed below
Sorting:
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆87Updated 3 years ago
- ☆112Updated 2 years ago
- Weaponising C# - Fundamentals Training Content☆70Updated 4 years ago
- ☆26Updated 4 years ago
- ☆55Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.☆93Updated 3 years ago
- The repository that complements the From zero to hero: creating a reflective loader in C# workshop☆38Updated 3 years ago
- Tradecraft Development Fundamentals☆40Updated 4 years ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago
- A fake AMSI Provider which can be used for persistence.☆151Updated 4 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆68Updated last year
- ☆48Updated 5 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123Updated 4 years ago
- Code samples of .NET shellcode injections, weaponized for use via WebDav and mshta.exe.☆37Updated 5 years ago
- UI for creating LNKs☆105Updated 4 years ago
- WNF Code Execution Library Using C#☆111Updated 5 years ago
- Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.☆39Updated 4 years ago
- cobalt strike tools☆31Updated 3 years ago
- RDPThief donut shellcode inject into mstsc☆87Updated 4 years ago
- Smart Card PIN swiping DLL☆78Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- Modular C# framework to exfiltrate loot over secure and trusted channels.☆130Updated 3 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆116Updated last year
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆120Updated 3 years ago
- Generate droppers with encrypted payloads automatically.☆54Updated 3 years ago
- Bypassing AppLocker with C#☆141Updated 4 years ago
- Start new PowerShell without etw and amsi in pure nim☆156Updated 3 years ago
- Koppeling x Metatwin x LazySign☆214Updated 4 years ago
- Hookers are cooler than patches.☆170Updated 3 years ago