Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)
☆106Feb 10, 2021Updated 5 years ago
Alternatives and similar repositories for evading-autoruns
Users that are interested in evading-autoruns are comparing it to the libraries listed below
Sorting:
- Remote Recon and Collection☆459Nov 23, 2017Updated 8 years ago
- A WebDAV PROPFIND C2 tool☆119Aug 27, 2019Updated 6 years ago
- ☆30Jul 17, 2018Updated 7 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload☆315Mar 24, 2018Updated 7 years ago
- A WebSocket C2 Tool☆411Nov 24, 2017Updated 8 years ago
- CScriptShell, a Powershell Host running within cscript.exe☆163Apr 11, 2017Updated 8 years ago
- The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into a…☆365Nov 19, 2024Updated last year
- MalRecon - Basic Malware Reconnaissance and Analysis Tool☆26Jun 8, 2017Updated 8 years ago
- ☆229May 10, 2018Updated 7 years ago
- A proof of concept for the RDP Inception Attack☆353Jun 29, 2017Updated 8 years ago
- CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.☆176Sep 14, 2017Updated 8 years ago
- Powershell-based Windows Security Auditing Toolbox☆573Jan 9, 2019Updated 7 years ago
- This is a quick POC for using the Matt Nelson (enigma0x3) technique for generating a malicious .SettingContent-ms extension type for remo…☆54Jun 15, 2018Updated 7 years ago
- ☆182Feb 21, 2022Updated 4 years ago
- RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: h…☆307Oct 18, 2017Updated 8 years ago
- outis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) a…☆126Sep 19, 2017Updated 8 years ago
- SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over…☆383Aug 17, 2018Updated 7 years ago
- Volatility plugin to extract X screenshots from a memory dump☆37May 15, 2018Updated 7 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…☆290Aug 7, 2020Updated 5 years ago
- NCC Group's analysis and exploitation of CVE-2017-8759 along with further refinements☆95Sep 19, 2017Updated 8 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Jun 5, 2017Updated 8 years ago
- Windows 10 Exploit☆30Oct 29, 2018Updated 7 years ago
- Forward local or remote tcp ports through SMB pipes.☆296Mar 7, 2021Updated 5 years ago
- A C# implementation of the PowerShell Empire Agent☆74Apr 22, 2019Updated 6 years ago
- Collection of PowerShell scripts☆450Dec 18, 2017Updated 8 years ago
- Example DLL to load from Windows NetShell☆182Sep 26, 2016Updated 9 years ago
- Exploit the credentials present in files and memory☆842May 25, 2023Updated 2 years ago
- ☆78May 24, 2018Updated 7 years ago
- morphHTA - Morphing Cobalt Strike's evil.HTA☆526Apr 14, 2023Updated 2 years ago
- Meterpreter Paranoid Mode - SSL/TLS connections☆291May 14, 2019Updated 6 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆634Jun 20, 2017Updated 8 years ago
- A payload stager using PowerShell☆183Dec 15, 2019Updated 6 years ago
- Powershell C2 Server and Implants☆575Nov 11, 2019Updated 6 years ago
- Call your own DLL from VBA and execute code under process svchost.exe with WMI☆12Mar 6, 2020Updated 6 years ago
- A shellcode testing harness.☆70Jul 10, 2024Updated last year
- PSAmsi is a tool for auditing and defeating AMSI signatures.☆398Apr 22, 2018Updated 7 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆388Jun 25, 2024Updated last year
- How To Execute Shellcode via HTA☆141Feb 23, 2018Updated 8 years ago
- HTA encryption tool for RedTeams☆1,422Nov 9, 2022Updated 3 years ago