eladshamir / BadWindowsService
An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
☆44Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for BadWindowsService
- WhoAmI by asking the LDAP service on a domain controller.☆58Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆51Updated 4 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆100Updated 3 years ago
- all credits go to @mgeeky☆58Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆45Updated last year
- Cobalt Strike BOF for quser.exe implementation using Windows API☆83Updated last year
- Beacon Object Files (not Buffer Overflows)☆51Updated last year
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 3 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- Bunch of BOF files☆24Updated 9 months ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆30Updated 8 months ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆88Updated 2 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆50Updated 2 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 3 years ago
- A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.☆47Updated 3 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆16Updated 8 months ago
- ☆51Updated 3 years ago
- IOXIDResolver from AirBus Security/PingCastle☆45Updated 4 years ago
- Dump Citrix Secure Access auth cookie from the process memory☆72Updated 2 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆26Updated 3 years ago
- ☆39Updated 10 months ago
- ☆35Updated 2 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆33Updated last year
- C# Tool to interact with MS Exchange based on MS docs☆98Updated last year
- ☆54Updated 3 years ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆82Updated 2 years ago
- ☆37Updated 2 years ago