jhalon / SharpCall
Simple PoC demonstrating syscall execution in C#
☆152Updated 4 years ago
Alternatives and similar repositories for SharpCall:
Users that are interested in SharpCall are comparing it to the libraries listed below
- PoC to demonstrate how CLR ETW events can be tampered.☆184Updated 4 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike☆190Updated 3 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆213Updated 4 years ago
- C# Implementation of the Hell's Gate VX Technique☆208Updated 4 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆84Updated 5 years ago
- Example code for EDR bypassing☆149Updated 5 years ago
- Another meterpreter injection technique using C# that attempts to bypass Defender☆254Updated 3 years ago
- PoC for UUID shellcode execution using DInvoke☆148Updated 3 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆263Updated 3 years ago
- .NET assembly local/remote loading/injection into memory.☆128Updated 5 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆266Updated last year
- NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)☆114Updated last year
- Managed code hooking template.☆129Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆139Updated 2 years ago
- Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File☆189Updated 4 years ago
- ☆147Updated 4 years ago
- Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.☆174Updated 3 years ago
- A collection of weird ways to execute unmanaged code in .NET☆160Updated 3 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆214Updated last year
- A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/☆184Updated 3 years ago
- C# version of MDSec's ParallelSyscalls☆140Updated 3 years ago
- ☆171Updated 3 years ago
- dem sharp donuts☆188Updated 2 years ago
- Shellcode injector using direct syscalls☆119Updated 4 years ago
- Cobalt Strike Beacon Object Files☆158Updated 2 years ago
- This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes thr…☆192Updated 4 years ago
- Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…☆162Updated last year
- CSHARP DCOM Fun☆125Updated 5 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread☆118Updated 5 years ago
- Create a minidump of the LSASS process from memory☆255Updated 2 years ago