gavz / ExplorerPersist
Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed
☆81Updated 2 years ago
Alternatives and similar repositories for ExplorerPersist:
Users that are interested in ExplorerPersist are comparing it to the libraries listed below
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution☆41Updated 9 months ago
- ☆78Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated 2 years ago
- Winsocket for Cobalt Strike.☆97Updated last year
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆76Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆82Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆100Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆44Updated last month
- A C# port from Invoke-GhostTask☆112Updated last year
- A small (Edited) POC to make defender useless by removing its token privileges and lowering the token integrity☆32Updated 2 years ago
- ☆63Updated last year
- A simple Sleepmask BOF example☆86Updated 5 months ago
- ☆123Updated last year
- Terminate AV/EDR leveraging BYOVD attack☆80Updated last year
- I have documented all of the AMSI patches that I learned till now☆74Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆92Updated last year
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆42Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…☆51Updated 2 years ago
- ☆93Updated 5 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆73Updated last month
- CVE-2024-40711-exp☆38Updated 4 months ago
- Create Anti-Copy DRM Malware☆52Updated 6 months ago
- Reasonably undetected shellcode stager and executer.☆35Updated 5 months ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆96Updated last year
- .bin file to shellcode convertor☆33Updated 7 months ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆66Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆45Updated 9 months ago
- ☆138Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆78Updated last year