jackson5sec / ShimDB
Shim database persistence (Fin7 TTP)
☆37Updated 5 years ago
Alternatives and similar repositories for ShimDB:
Users that are interested in ShimDB are comparing it to the libraries listed below
- A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes…☆43Updated 3 years ago
- ☆45Updated 6 years ago
- Inject .Net payloads into other .Net assemblies on disk☆61Updated 5 years ago
- ReaCOM has got a lot of tools to use and is related to component object model☆74Updated 5 years ago
- Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019.☆64Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- ☆37Updated 5 years ago
- few months old but better than nothing☆58Updated 3 years ago
- medium-rare☆28Updated 5 years ago
- C++ POC code for the wlbsctrl.dll hijack on IKEEXT☆53Updated 5 years ago
- ☆70Updated 6 years ago
- A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates☆25Updated 6 years ago
- Ps1jacker is a tool for generating COM Hijacking payload.☆61Updated last month
- A tool to create COM class/interface relationships in neo4j☆48Updated 2 years ago
- Windows Stagers to circumvent restrictive network environments☆64Updated 6 months ago
- CACTUSTORCH: Payload Generation for Adversary Simulations☆75Updated 6 years ago
- POSHSPY backdoor code☆43Updated 7 years ago
- .NET tool for enumeration processes and dumping memory.☆56Updated 5 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆74Updated 5 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆19Updated 4 years ago
- Cobalt Strike Aggressor script menu for Powerview/SharpView☆28Updated 5 years ago
- Process reimaging proof of concept code☆96Updated 5 years ago
- Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …☆58Updated 6 years ago
- Tool for injecting a "TCP Relay" managed assembly into an unmanaged process☆64Updated 5 years ago
- ☆46Updated 4 years ago
- Use bitsadmin to maintain persistence and bypass Autoruns☆66Updated 7 years ago
- IBM RedCON 2020 - Throwing an AquaWrench into the Kernel☆44Updated 4 years ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform.☆43Updated 2 years ago
- ☆25Updated 6 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 6 years ago