malwareninja / Mockingjay---Vulnerable-DLL-Finder

Related projects: ⓘ

• SaadAhla / D1rkSleep
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆110Updated last year
• EspressoCake / Defender-Exclusions-Creator-BOF
  ☆73Updated 10 months ago
• enkomio / s4killer
  ☆67Updated this week
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆76Updated last year
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆65Updated last year
• 0xHossam / HuffLoader
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader
  ☆75Updated 6 months ago
• VoldeSec / PatchlessInlineExecute-Assembly
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆143Updated last year
• fern89 / C2
  A basic C2 framework written in C
  ☆53Updated 2 months ago
• susMdT / AceLdr
  Cobalt Strike UDRL for memory scanner evasion.
  ☆34Updated 9 months ago
• xforcered / BOFMask
  ☆116Updated last year
• werdhaihai / SharpAltShellCodeExec
  Alternative Shellcode Execution Via Callbacks in C# with P/Invoke
  ☆74Updated last year
• Cipher7 / ApexLdr
  ApexLdr is a DLL Payload Loader written in C
  ☆98Updated 2 months ago
• Octoberfest7 / enumhandles_BOF
  ☆99Updated 2 weeks ago
• klezVirus / RpcProxyInvoke
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆106Updated last month
• Octoberfest7 / KDStab
  BOF combination of KillDefender and Backstab
  ☆153Updated last year
• realoriginal / titanldr-ng
  A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …
  ☆151Updated last year
• sexyiam / UAC-Bypass
  UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.
  ☆44Updated 4 months ago
• naksyn / DojoLoader
  Generic PE loader for fast prototyping evasion techniques
  ☆175Updated 2 months ago
• Offensive-Panda / on-disk-detection-bypass
  Direct syscalls Injection to bypass AV/EDR
  ☆9Updated 4 months ago
• REDMED-X / InjectKit
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆85Updated 7 months ago
• parzel / GoSleepyCrypt
  In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
  ☆39Updated 8 months ago
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆93Updated last year
• itaymigdal / PartyLoader
  Threadless shellcode injection tool
  ☆56Updated last month
• NioZow / bof-collection
  ☆18Updated last month
• reveng007 / ReflectiveNtdll
  A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…
  ☆163Updated last year
• ewby / Mockingjay_BOF
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆147Updated 10 months ago
• trustedsec / PPLFaultDumpBOF
  ☆132Updated last year
• Octoberfest7 / DropSpawn_BOF
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆214Updated last year
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆55Updated last year
• caueb / Mockingjay
  Mockingjay process self injection POC
  ☆14Updated last year