diversenok / TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
☆571 · Updated 4 months ago
Related projects
Alternatives and complementary repositories for TokenUniverse
- Project for tracking publicly disclosed DLL Hijacking opportunities. ☆664 · Updated last week
- A DLL loader with advanced evasive features ☆657 · Updated last year
- Loads any C# binary in mem, patching AMSI + ETW. ☆800 · Updated 3 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons ☆636 · Updated last year
- A .NET tool for exporting and importing certificates without touching disk. ☆477 · Updated 3 years ago
- PoCs and tools for investigation of Windows process execution techniques ☆882 · Updated this week
- ☆566 · Updated last week
- LoadLibrary for offensive operations ☆1,090 · Updated 3 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆686 · Updated 8 months ago
- Tools and PoCs for Windows syscall investigation. ☆354 · Updated 6 months ago
- Spartacus DLL/COM Hijacking Toolkit ☆995 · Updated 9 months ago
- Various ways to execute shellcode ☆475 · Updated 8 months ago
- OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team… ☆791 · Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆621 · Updated last year
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py ☆593 · Updated last year
- Kernel mode WinDbg extension and PoCs for token privilege investigation. ☆816 · Updated this week
- Cobalt Strike UDRL for memory scanner evasion. ☆880 · Updated 5 months ago
- ☆461 · Updated 2 years ago
- ☆1,529 · Updated 2 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆628 · Updated last year
- ☆377 · Updated last year
- KaynLdr is a Reflective Loader written in C/ASM ☆521 · Updated 11 months ago
- Dump the memory of a PPL with a userland exploit ☆845 · Updated 2 years ago
- A centralized resource for previously documented WDAC bypass techniques ☆483 · Updated 6 months ago
- RPC Monitor tool based on Event Tracing for Windows ☆330 · Updated 3 months ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths. ☆351 · Updated 2 years ago
- ☆482 · Updated 2 months ago
- Analyse your malware to surgically obfuscate it ☆419 · Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆770 · Updated 3 years ago