daVinci13 / Exe2shell
Converts exe to shellcode.
☆75Updated 8 months ago
Related projects: ⓘ
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆163Updated last year
- Load static-compiled PE from remote server.☆56Updated 2 years ago
- BOF combination of KillDefender and Backstab☆153Updated last year
- Convert shellcode generated using pe_2_shellcode to cdb format.☆95Updated 2 years ago
- ☆221Updated this week
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)☆274Updated 2 years ago
- Silence EDRs by removing kernel callbacks☆220Updated 3 years ago
- ☆150Updated this week
- WIP shellcode loader in nim with EDR evasion techniques☆208Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆198Updated 11 months ago
- Generic PE loader for fast prototyping evasion techniques☆175Updated 2 months ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆225Updated last year
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆164Updated last year
- The code is a pingback to the Dark Vortex blog:☆162Updated last year
- (Demo) 3rd party agent for Havoc☆124Updated last year
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆134Updated 2 years ago
- You shall pass☆241Updated 2 years ago
- A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use int…☆111Updated 2 months ago
- ☆100Updated this week
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆177Updated 3 months ago
- Reuse open handles to dynamically dump LSASS.☆231Updated 5 months ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…☆81Updated 2 months ago
- This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of alm…☆105Updated last year
- Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC b…☆134Updated 2 years ago
- ☆105Updated this week
- GhostWriting Injection Technique.☆162Updated 6 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆126Updated 2 years ago
- A Beacon Object File (BOF) template for Visual Studio☆129Updated last month
- LdrLoadDll Unhooking☆114Updated 2 years ago