hackerhouse-opensource / Artillery
CIA UAC bypass implementation that utilizes an elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
☆174 · Updated 10 months ago
Related projects
Alternatives and complementary repositories for Artillery
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆300 · Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆190 · Updated 4 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection ☆247 · Updated 5 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆168 · Updated 10 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆143 · Updated 6 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆146 · Updated 6 months ago
- Execute shellcode files with rundll32 ☆181 · Updated 9 months ago
- 「💀」Proof of concept on BYOVD attack ☆147 · Updated 8 months ago
- Tools for analyzing EDR agents ☆208 · Updated 4 months ago
- Documents Exfiltration project for fun and educational purposes ☆143 · Updated last year
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆138 · Updated 3 months ago
- Open Source C&C Specification ☆219 · Updated 3 weeks ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ☆273 · Updated 11 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆135 · Updated last week
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆236 · Updated 4 months ago
- Extracting NetNTLM without touching lsass.exe ☆223 · Updated 11 months ago
- Native Syscalls Shellcode Injector ☆260 · Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆171 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆279 · Updated last year
- Kill AV/EDR leveraging BYOVD attack ☆307 · Updated last year
- Run Your Payload Without Running Your Payload ☆176 · Updated 2 years ago
- AV/EDR Lab environment setup references to help in Malware development ☆154 · Updated last week
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆149 · Updated 5 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆324 · Updated 5 months ago
- Different methods to get current username without using whoami ☆172 · Updated 8 months ago