claissg / remote_amsi_bypass
Kill AMSI in a remote process PoC
☆10Updated 6 years ago
Alternatives and similar repositories for remote_amsi_bypass:
Users that are interested in remote_amsi_bypass are comparing it to the libraries listed below
- ☆54Updated 6 years ago
- Bypass AMSI and Executing PowerShell scripts from C# - using CyberArk's method to bypass AMSI☆30Updated 5 years ago
- C# DCOM Execution☆18Updated 5 years ago
- C# Implementation of Get-VaultCredential☆13Updated 6 years ago
- Miscellaneous C-Sharp projects for red team activities☆24Updated 2 years ago
- ☆45Updated 6 years ago
- Code that can be used to create/steal/manipulate token contexts in a program. Can be implemented into other C# projects.☆12Updated 6 years ago
- CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe☆16Updated 5 years ago
- Quick and dirty .net console app for querying mssql servers.☆20Updated 6 years ago
- InsecurePowerShellHost is a .NET Core host process for InsecurePowerShell, a version of PowerShell Core v6.0.0 with key security features…☆31Updated 7 years ago
- ☆36Updated 6 years ago
- ☆28Updated 7 years ago
- ☆11Updated 5 years ago
- Encrypted Shellcode Loader Generator☆22Updated 6 years ago
- My musings with C#☆28Updated 2 years ago
- Proof of concept of VMSA-2017-0012☆41Updated 7 years ago
- A VBA implementation of the RunPE technique or how to bypass application whitelisting.☆14Updated 6 years ago
- Contains poc's and my research works☆31Updated 2 years ago
- Python api for usage with cobalt strike's External C2 specification☆62Updated 6 years ago
- Ingests logs/dbs from cobalt and empire and outputs an excel report with activity, sessions, and credentials☆20Updated 4 years ago
- This tool is designed to simplify and automate the extraction and organization of useful data from Cobalt Strike logs.☆18Updated 5 years ago
- ☆14Updated 5 years ago
- Run Managed Assemblies with RunDll☆17Updated 6 years ago
- interesting analysis☆16Updated 6 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC☆12Updated 3 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 6 years ago
- Takes raw hex shellcode (e.g. msfvenom hex format) from a cmd line arg, text file, or URL download and runs it.☆19Updated 6 years ago
- ☆14Updated 5 years ago
- Helper script for mangling CS payloads☆52Updated 5 years ago
- ☆14Updated 4 years ago