CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
☆301 · Feb 2, 2026 · Updated last month
Alternatives and similar repositories for Stinger
Users that are interested in Stinger are comparing it to the libraries listed below
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr… ☆183 · Feb 2, 2026 · Updated last month
- A beacon object file implementation of PoolParty Process Injection Technique. ☆434 · Dec 21, 2023 · Updated 2 years ago
- Bypassing UAC with SSPI Datagram Contexts ☆461 · Sep 24, 2023 · Updated 2 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege ☆225 · Nov 23, 2023 · Updated 2 years ago
- The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools. ☆318 · Feb 2, 2026 · Updated last month
- A C# port from Invoke-GhostTask ☆120 · Jan 5, 2024 · Updated 2 years ago
- PoC demonstrating a multi process injection chain aimed at remotely executing shellcode ☆260 · Jan 21, 2024 · Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆293 · Jul 15, 2023 · Updated 2 years ago
- Collection of UAC Bypass Techniques Weaponized as BOFs ☆607 · Feb 21, 2024 · Updated 2 years ago
- Patching "signtool.exe" to accept expired certificates for code-signing. ☆340 · Feb 2, 2026 · Updated last month
- An interactive shell to spoof some LOLBins command line ☆188 · Jan 27, 2024 · Updated 2 years ago
- yet another AV killer tool using BYOVD ☆305 · Dec 12, 2023 · Updated 2 years ago
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. ☆443 · Jul 8, 2024 · Updated last year
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆614 · Jan 2, 2025 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆283 · Sep 18, 2024 · Updated last year
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆204 · Dec 27, 2023 · Updated 2 years ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process ☆287 · Jan 21, 2024 · Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆325 · Apr 12, 2024 · Updated last year
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP. ☆250 · Jun 11, 2024 · Updated last year
- ☆223 · Mar 10, 2024 · Updated last year
- A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,821 · Nov 3, 2024 · Updated last year
- A GUI wrapper inside of Havoc to interact with bloodhound CE ☆70 · Feb 3, 2024 · Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques. ☆427 · Feb 11, 2024 · Updated 2 years ago
- CPP AV/EDR Killer ☆480 · Nov 28, 2023 · Updated 2 years ago
- Cobalt Strike HTTPS beaconing over Microsoft Graph API ☆622 · Jun 25, 2024 · Updated last year
- A BOF that runs unmanaged PEs inline ☆681 · Oct 23, 2024 · Updated last year
- UAC Bypass By Abusing Kerberos Tickets ☆508 · Aug 10, 2023 · Updated 2 years ago
- Various one-off pentesting projects written in Nim. Updates happen on a whim. ☆160 · Jul 14, 2025 · Updated 7 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! ☆539 · May 9, 2025 · Updated 9 months ago
- Ask a TGS on behalf of another user without password ☆482 · Mar 30, 2025 · Updated 11 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆539 · Feb 13, 2024 · Updated 2 years ago
- Stage 0 ☆169 · Dec 18, 2024 · Updated last year
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI. ☆138 · Feb 2, 2026 · Updated last month
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8 ☆351 · Aug 29, 2024 · Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW ☆330 · Jul 15, 2024 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆409 · Jan 11, 2026 · Updated last month
- Use hardware breakpoint to dynamically change SSN in run-time ☆279 · Apr 10, 2024 · Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆592 · Jun 12, 2024 · Updated last year
- ☆707 · Nov 7, 2023 · Updated 2 years ago