gatariee / Winton
Command and Control (C2) framework
☆124Updated 10 months ago
Alternatives and similar repositories for Winton:
Users that are interested in Winton are comparing it to the libraries listed below
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆144Updated 9 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆193Updated 8 months ago
- ☆139Updated 6 months ago
- Stage 0☆153Updated 2 months ago
- ☆164Updated 3 months ago
- Port of Cobalt Strike's Process Inject Kit☆165Updated 2 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆150Updated 9 months ago
- Evasive Golang Loader☆131Updated 6 months ago
- 「💀」Proof of concept on BYOVD attack☆154Updated 2 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆172Updated 2 months ago
- Just another C2 Redirector using CloudFlare.☆86Updated 9 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆83Updated 7 months ago
- Local & remote Windows DLL Proxying☆162Updated 8 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 6 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆185Updated 4 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆216Updated 2 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆158Updated 2 months ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …☆157Updated 2 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆96Updated last year
- Extracting NetNTLM without touching lsass.exe☆233Updated last year
- Evade EDR's the simple way, by not touching any of the API's they hook.☆84Updated 3 weeks ago
- Adversary Emulation Framework☆66Updated 7 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆55Updated 7 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆88Updated 8 months ago
- Lateral Movement☆122Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆147Updated last year
- Automated .NET AppDomain hijack payload generation☆119Updated 2 weeks ago
- Construct the payload at runtime using an array of offsets☆61Updated 8 months ago
- ☆143Updated 2 months ago