Shellcode capable of bypassing EAF / IAF mitigations
☆28Apr 11, 2023Updated 3 years ago
Alternatives and similar repositories for IAF-EAF-Shellcode-bypass-PoC
Users that are interested in IAF-EAF-Shellcode-bypass-PoC are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 3 years ago
- List web account manager (WAM) accounts added to the current profile☆26Dec 11, 2025Updated 4 months ago
- A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.☆21Jul 15, 2025Updated 9 months ago
- Help red teams find opsec processes during engagements☆43Dec 7, 2024Updated last year
- A python tool to generate an Excel file linking the list of cracked accounts and their LDAP attributes.☆12Jan 31, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t…☆58Jul 13, 2025Updated 9 months ago
- Bof of RegPwn by MDSec☆118Mar 15, 2026Updated last month
- ☆59Feb 19, 2026Updated 2 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆41Aug 5, 2025Updated 8 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆139Aug 31, 2025Updated 8 months ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- BOF to decrypt Signal Desktop chat logs☆70Feb 20, 2025Updated last year
- Cobalt Strike notifications via NTFY.☆15Sep 24, 2024Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database☆47Feb 24, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆72Mar 8, 2026Updated last month
- Rust crate to parse user-mode minidump files generated on Windows☆18Nov 17, 2025Updated 5 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆43Dec 7, 2025Updated 4 months ago
- ForsHops☆60Mar 25, 2025Updated last year
- Filesystem interaction via firebeam virtual machine execution☆52Mar 26, 2026Updated last month
- Hotkey-based keylogger for Windows☆33Oct 17, 2024Updated last year
- ☆43Feb 18, 2025Updated last year
- a minimalistic winrm client written in python☆28Apr 17, 2026Updated last week
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆108Feb 25, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆122Sep 8, 2024Updated last year
- The samples referenced in my book, Evasive Malware (No starch Press)☆60Feb 20, 2026Updated 2 months ago
- ☆97Jan 21, 2025Updated last year
- A synergized Visual Studio and Rust development environment☆19Jan 25, 2025Updated last year
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆76Mar 15, 2026Updated last month
- Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.☆215Oct 9, 2022Updated 3 years ago
- really ?☆12Feb 29, 2024Updated 2 years ago
- ☆163Apr 17, 2024Updated 2 years ago
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Extended Process List (Search functionality)☆29Jan 23, 2021Updated 5 years ago
- One WSL BOF to rule them all☆175Jan 14, 2026Updated 3 months ago
- This tool exploits Golden DMSA attack against delegated Managed Service Accounts.☆95Jul 15, 2025Updated 9 months ago
- A powerful, modular, lightweight and efficient command & control framework written in Nim.☆224Nov 3, 2025Updated 5 months ago
- A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta…☆199Mar 15, 2026Updated last month
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 11 months ago
- Cobalt Strike BOF for evasive .NET assembly execution☆317Mar 31, 2025Updated last year