gavz / ExplorerPersist
Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed
☆75Updated last year
Related projects ⓘ
Alternatives and complementary repositories for ExplorerPersist
- ☆76Updated last year
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆72Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆113Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆88Updated 9 months ago
- Winsocket for Cobalt Strike.☆98Updated last year
- ApexLdr is a DLL Payload Loader written in C☆105Updated 4 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆78Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated 10 months ago
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆37Updated 10 months ago
- ☆62Updated 9 months ago
- ☆87Updated 2 months ago
- A C# port from Invoke-GhostTask☆110Updated 10 months ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆149Updated last year
- Execute commands in other Sessions☆80Updated 3 months ago
- ☆94Updated last year
- TeamServer and Client of Exploration Command and Control Framework☆68Updated this week
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution☆40Updated 6 months ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆44Updated 6 months ago
- TypeLib persistence technique☆75Updated 3 weeks ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader☆85Updated 8 months ago
- ☆77Updated last year
- ☆133Updated last year
- ☆146Updated last year
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- Terminate AV/EDR leveraging BYOVD attack☆78Updated last year
- wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures …☆32Updated 5 months ago
- Reasonably undetected shellcode stager and executer.☆35Updated 2 months ago
- .bin file to shellcode convertor☆29Updated 4 months ago