Disable PPL via custom driver and dump lsass
☆15Mar 13, 2021Updated 5 years ago
Alternatives and similar repositories for DisablePPLDriverPoc
Users that are interested in DisablePPLDriverPoc are comparing it to the libraries listed below
Sorting:
- inject shellcode into remote process via message hook☆15Oct 28, 2020Updated 5 years ago
- ☆12Aug 10, 2019Updated 6 years ago
- A collection of scripts used to support an OffSecOps pipeline.☆15Jan 31, 2021Updated 5 years ago
- leaking net-ntlm with webdav☆26Feb 23, 2021Updated 5 years ago
- PoC code for CVE-2020-16939 Windows Group Policy DACL Overwrite Privilege Escalation☆12Oct 27, 2020Updated 5 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- PoC for hiding PE exports☆67Dec 19, 2020Updated 5 years ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Oct 29, 2021Updated 4 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- .NET implementation of Cobalt Strike's External C2 Spec☆89Nov 12, 2021Updated 4 years ago
- ☆23May 28, 2021Updated 4 years ago
- Windows 7/2008 R2 EoP☆13Feb 12, 2021Updated 5 years ago
- RunPE using Hell's Gate technique.☆32Dec 4, 2020Updated 5 years ago
- Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens☆48Apr 15, 2021Updated 4 years ago
- A C# SSH client☆74Jan 29, 2024Updated 2 years ago
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- Hijack Printconfig.dll to execute shellcode☆101Jan 15, 2021Updated 5 years ago
- ☆21Mar 16, 2021Updated 5 years ago
- Dump Teams conversations☆18Jun 9, 2021Updated 4 years ago
- Exactly what it sounds like, which is something rad☆22Oct 12, 2022Updated 3 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆23Sep 15, 2023Updated 2 years ago
- Display Languages Volatile Environment LPE☆12Jun 28, 2025Updated 8 months ago
- 从入门到放弃的产物,学习过程中用python实现的一个单点c2基本功能☆11Mar 11, 2020Updated 6 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆99Jul 7, 2020Updated 5 years ago
- Find kernel32 base and API addresses. Simple C++ implementation☆23Apr 7, 2022Updated 3 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Detect and extract hidden files☆22Aug 29, 2024Updated last year
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates☆26Sep 23, 2018Updated 7 years ago
- Execute Shellcode And Other Goodies From MMC☆14Jun 17, 2015Updated 10 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆21Nov 24, 2020Updated 5 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Dec 16, 2021Updated 4 years ago
- Secretly record audio and video with chromium based browsers.☆24Feb 14, 2024Updated 2 years ago
- ☆99Sep 20, 2021Updated 4 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆129May 25, 2021Updated 4 years ago
- ☆101Aug 23, 2021Updated 4 years ago