jacob-baines / concealed_position
Bring your own print driver privilege escalation tool
☆248 · Updated 3 years ago
Alternatives and similar repositories for concealed_position:
Users that are interested in concealed_position are comparing it to the libraries listed below
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b… ☆240 · Updated 3 years ago
- Apply a filter to the events being reported by windows event logging ☆261 · Updated 3 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e… ☆278 · Updated 2 years ago
- Command line interface to dump LSASS memory to disk via SilentProcessExit ☆443 · Updated 4 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) ☆314 · Updated 3 years ago
- Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! ☆439 · Updated 2 years ago
- LittleCorporal: A C# Automated Maldoc Generator ☆228 · Updated 3 years ago
- A little tool to play with the Seclogon service ☆310 · Updated 2 years ago
- Koppeling x Metatwin x LazySign ☆209 · Updated 3 years ago
- Leaked Windows processes handles identification tool ☆286 · Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆364 · Updated 2 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls ☆330 · Updated 3 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem… ☆189 · Updated 3 years ago
- Collection of Beacon Object Files ☆579 · Updated 2 years ago
- Dump the memory of any PPL with a Userland exploit chain ☆333 · Updated 2 years ago
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting ☆357 · Updated 2 years ago
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface ☆243 · Updated 3 years ago
- RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows ☆7 · Updated 3 years ago
- 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells. ☆128 · Updated 2 years ago
- Simple EDR implementation to demonstrate bypass ☆171 · Updated 4 years ago
- Remove API hooks from a Beacon process. ☆268 · Updated 3 years ago
- Executes position independent shellcode from an encrypted zip ☆302 · Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory ☆157 · Updated 4 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors. ☆297 · Updated last year
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b… ☆453 · Updated 2 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆215 · Updated 5 years ago