An example of how to spawn a process with a spoofed parent PID (Visual C++)
☆29Mar 3, 2019Updated 7 years ago
Alternatives and similar repositories for PPID_spoof
Users that are interested in PPID_spoof are comparing it to the libraries listed below
Sorting:
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago
- alternative to procdump☆11May 26, 2021Updated 4 years ago
- Installs And Executes Shellcode☆12Jul 26, 2015Updated 10 years ago
- Miscellaneous C-Sharp projects for red team activities☆24Aug 12, 2022Updated 3 years ago
- Aggressor Script to Execute Assemblies from Github☆71Nov 30, 2020Updated 5 years ago
- A collection of C# tools for various purposes (kerberoasting, tickets, mimikatz, privesc, domain enumeration and more)☆80Aug 12, 2019Updated 6 years ago
- ☆22Jan 15, 2025Updated last year
- Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger☆58Oct 7, 2020Updated 5 years ago
- CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe☆16Jul 6, 2019Updated 6 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- A tool that helps you get system shell without UAC prompt☆50Oct 8, 2018Updated 7 years ago
- Hide .Net assembly into png images☆36Aug 11, 2019Updated 6 years ago
- Minimalist Custom .NET Core Garbage Collector☆23Jun 15, 2020Updated 5 years ago
- ReflectiveDLL学习代码☆35Jul 12, 2020Updated 5 years ago
- Remote code execution in Power Platform connectors via JSON deserialization☆23Mar 30, 2023Updated 2 years ago
- WMI Event Subscription Persistence in C#☆112May 29, 2019Updated 6 years ago
- Reverseshell Generator☆10Dec 13, 2017Updated 8 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆59Jun 25, 2019Updated 6 years ago
- CobaltStrike External C2 for Websockets☆197Jul 16, 2019Updated 6 years ago
- Lightweight FreeBSD rootkit for stealth persistence, process hiding, and system control.☆19Mar 2, 2020Updated 6 years ago
- Run Rubeus via Rundll32☆207Apr 25, 2020Updated 5 years ago
- PoC for CVE-2019-0888 - Use-After-Free in Windows ActiveX Data Objects (ADO)☆40Jul 9, 2019Updated 6 years ago
- Simple tool collection for escalation to NT AUTHORITY\SYSTEM from recently disclosed Steam Client Zero Day☆38Aug 12, 2019Updated 6 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread☆119Apr 9, 2019Updated 6 years ago
- The program is designed to dump full memory of the process by specifing process name or process id.☆41Jul 29, 2019Updated 6 years ago
- CVE-2019-14540 Exploit☆21Aug 21, 2019Updated 6 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- This is the linux version of the R.A.T client written in c#☆10Jun 25, 2017Updated 8 years ago
- Use to browse the share file by eas(Exchange Server ActiveSync)☆46Jun 28, 2020Updated 5 years ago
- ☆10May 23, 2019Updated 6 years ago
- AntSword Generate Shell Plugin☆12Jun 26, 2022Updated 3 years ago
- A Mobicore Trustlet/Driver Binary Loader for Ghidra☆13Jul 10, 2019Updated 6 years ago
- SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.☆93Feb 15, 2021Updated 5 years ago
- C# code to run shellcode in a sneaky way☆93Oct 2, 2020Updated 5 years ago
- SharpAddDomainMachine☆69Oct 12, 2021Updated 4 years ago
- ☆43Aug 1, 2019Updated 6 years ago
- Python api for usage with cobalt strike's External C2 specification☆72Feb 15, 2018Updated 8 years ago
- Custom Metasploit post module to executing a .NET Assembly from Meterpreter session☆347Jul 21, 2020Updated 5 years ago
- UIAccess UAC Bypass using token duplication and keyboard events☆27Sep 26, 2019Updated 6 years ago