boku7 / x64win-AddRdpAdminShellcode
64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
☆38Updated 3 years ago
Alternatives and similar repositories for x64win-AddRdpAdminShellcode:
Users that are interested in x64win-AddRdpAdminShellcode are comparing it to the libraries listed below
- A simple injector that uses LoadLibraryA☆17Updated 4 years ago
- Just another casual shellcode native loader☆24Updated 3 years ago
- XOR crypt/decrypt using C#☆12Updated 4 years ago
- JALSI - Just Another Lame Shellcode Injector☆30Updated 3 years ago
- A custom run space to bypass AMSI and Constrained Language mode in PowerShell.☆18Updated last year
- Ransoblin (Ransomware Bokoblin)☆17Updated 4 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- C# project to Reflectively load .Net assemblies in memory☆17Updated 9 months ago
- A repository filled with ideas to break/detect direct syscall techniques☆27Updated 2 years ago
- A more advanced free and open .NET obfuscator using dnlib.☆10Updated 2 years ago
- ☆48Updated 3 years ago
- Another AMSI bypass - but in C++.☆23Updated last year
- C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.☆35Updated 3 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆23Updated 2 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx☆14Updated 3 years ago
- A .NET binary loader that bypasses AMSI☆44Updated 3 years ago
- Extended Process List (Search functionality)☆29Updated 4 years ago
- File Write Weapon for Privilege Escalation To get SYSTEM☆17Updated 4 years ago
- Bypass Windows defender syscall☆18Updated 3 years ago
- ☆12Updated 4 years ago
- A C port of b33f's UrbanBishop☆38Updated 4 years ago
- Files for generating a C# source file that allows for memory-mapping "niceness" and then executing said "niceness"☆31Updated 6 years ago
- One gate to all syscalls!☆23Updated 3 years ago
- Small POC for process ghosting☆39Updated 3 years ago
- I used this to see if an EDR is running in Safe Mode☆35Updated 4 years ago
- Get or remove RunMRU values☆54Updated 5 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆31Updated last year
- Extract all IP of a computer using DCOM without authentication (aka detect network used for administration)☆26Updated 4 years ago
- Remove API hooks from a Beacon process.☆13Updated 3 years ago