cocomelonc / 2021-04-09-av-evasion-1-

Related projects: ⓘ

• cocomelonc / 2022-04-02-malware-injection-18
  Find kernel32 base and API addresses. Simple C++ implementation
  ☆23Updated 2 years ago
• VoldeSec / BOF-NPPSPY
  Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…
  ☆14Updated last year
• EvilGreys / xCommunityKit
  ☆14Updated this week
• ZephrFish / DynamicMSBuilder
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆30Updated 5 months ago
• jsecu / ElevatedEvents
  ☆29Updated last year
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆22Updated last year
• Offensive-Panda / WPM-MAJIC-ENTRY-POINT-INJECTION
  This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…
  ☆12Updated last month
• GetRektBoy724 / SharpLoadLibrary
  An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.
  ☆53Updated 2 years ago
• purplededa / CVE-2022-44721-CsFalconUninstaller
  ☆25Updated this week
• ShellBind / G0T-B0R3D
  ☆17Updated this week
• attl4s / freeMetsrvLoader
  freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package
  ☆33Updated last year
• realoriginal / krbdump
  A way to extract tickets in case I need to purge and restore tickets on the fly.
  ☆15Updated 4 months ago
• Allevon412 / BreadManModuleStomping
  ☆38Updated 11 months ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆50Updated last year
• Wh04m1001 / PICDumper
  ☆24Updated 2 years ago
• zimawhit3 / DynimicGhostWriting
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆27Updated 2 years ago
• EspressoCake / BetterPipename
  Example of using Sleep to create better named pipes.
  ☆41Updated last year
• Und3rf10w / CobaltStrikeBOFs
  Beacon Object Files used for Cobalt Strike
  ☆17Updated last year
• timwhitez / JmpUnhook
  Ntdll Unhooking POC
  ☆19Updated 2 years ago
• D1rkMtr / ADSrunner
  ☆22Updated this week
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆29Updated 10 months ago
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆30Updated 10 months ago
• RCStep / RedTeam_Tools_n_Stuff
  Collection of self-made Red Team tools that have come in handy
  ☆11Updated 3 weeks ago
• Hagrid29 / BOF-CredUI
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆18Updated last year
• hackerhouse-opensource / Gigabyte_ElevatePersist
  Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…
  ☆30Updated last year
• trainr3kt / Readfile_BoF
  ☆18Updated 2 years ago
• slemire / bof-adopt
  BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.
  ☆14Updated 2 years ago
• zimnyaa / smbsocks
  A simple rpc2socks alternative in pure Go.
  ☆23Updated 2 months ago
• Yair-Men / Passenger
  ProcExp Driver (Ab)use
  ☆20Updated last year
• Cerbersec / pyMetaTwin
  Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
  ☆15Updated 5 months ago