cinzinga / Evasion-Practice
A variety of AV evasion techniques written in C# for practice.
☆78Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for Evasion-Practice
- Determine if the WebClient Service (WebDAV) is running on a remote system☆121Updated 8 months ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆250Updated last year
- ☆154Updated 3 months ago
- ☆138Updated 2 years ago
- AV EVASION TECHNIQUES☆74Updated 2 years ago
- Patching AmsiOpenSession by forcing an error branching☆143Updated last year
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆77Updated 2 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆86Updated 2 years ago
- Patch AMSI and ETW☆230Updated 6 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 10 months ago
- ☆52Updated 7 months ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆138Updated 8 months ago
- Payload Generation Framework☆85Updated 7 months ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆222Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆148Updated 10 months ago
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆166Updated last year
- Coerce Windows machines auth via MS-EVEN☆153Updated 9 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆155Updated 3 weeks ago
- Beacon Object File & C# project to check LDAP signing☆170Updated 3 months ago
- Lateral Movement☆118Updated 11 months ago
- ☆28Updated 3 years ago
- Shellcode generation and encoding utility☆21Updated 2 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆95Updated last year
- SeRestorePrivilege to SYSTEM☆77Updated 3 years ago
- Simple C# implementation of PowerUpSQL☆92Updated 4 months ago
- Bypass AMSI By Dividing files into multiple smaller files☆45Updated last year
- C# havoc implant☆96Updated last year
- ☆77Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆178Updated 2 years ago