brosck / Reaper
γπγProof of concept on BYOVD attack
β154Updated last month
Alternatives and similar repositories for Reaper:
Users that are interested in Reaper are comparing it to the libraries listed below
- Shaco is a linux agent for havocβ155Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development courseβ180Updated last year
- Port of Cobalt Strike's Process Inject Kitβ162Updated last month
- β161Updated 2 months ago
- Evasive Golang Loaderβ132Updated 6 months ago
- β137Updated 6 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to executionβ169Updated 2 months ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.β203Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactionsβ275Updated 2 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Wβ¦β149Updated 8 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reductiβ¦β193Updated 7 months ago
- Havoc C2 profile generatorβ68Updated 3 months ago
- Just another C2 Redirector using CloudFlare.β84Updated 8 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printingβ143Updated 8 months ago
- β187Updated 10 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.β181Updated last year
- Patching AmsiOpenSession by forcing an error branchingβ143Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooksβ149Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the cloneβ¦β179Updated 3 months ago
- Extracting NetNTLM without touching lsass.exeβ233Updated last year
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methodsβ102Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotelyβ330Updated last month
- A variation of ProcessOverwriting to execute shellcode on an executable's sectionβ147Updated last year
- Documents Exfiltration project for fun and educational purposesβ145Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, fβ¦β152Updated 8 months ago
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRsβ67Updated 2 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.β286Updated last year
- Execute shellcode from a remote-hosted bin file using Winhttp.β229Updated last year
- Stealthily inject shellcode into an executableβ139Updated this week
- β160Updated 6 months ago