Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆74Dec 10, 2021Updated 4 years ago
Alternatives and similar repositories for FindETWProviderImage
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
Sorting:
- Send and receive messages over Named Pipes asynchronously.☆39Sep 17, 2021Updated 4 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly☆90Sep 30, 2024Updated last year
- ☆101Aug 23, 2021Updated 4 years ago
- C# Implementation of Jared Atkinson's Get-InjectedThread.ps1☆54Jul 11, 2021Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- A C# tool to search through a running instance of Outlook for keywords☆111Jan 14, 2021Updated 5 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆186Jul 21, 2022Updated 3 years ago
- Silencing Sysmon via driver unload☆236Oct 13, 2022Updated 3 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Koppeling x Metatwin x LazySign☆216Aug 26, 2021Updated 4 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆129May 25, 2021Updated 4 years ago
- ☆37Dec 27, 2021Updated 4 years ago
- Load any Beacon Object File using Powershell!☆261Dec 9, 2021Updated 4 years ago
- ☆53Sep 16, 2021Updated 4 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆109Oct 10, 2021Updated 4 years ago
- Tools and PoCs for Windows syscall investigation.☆367Dec 2, 2025Updated 3 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- Strstr with user-supplied needle and filename as a BOF.☆32Sep 27, 2021Updated 4 years ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings.☆26Oct 25, 2020Updated 5 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)☆233Jun 10, 2022Updated 3 years ago
- COFF and BOF Loader written in Nim☆174Aug 1, 2022Updated 3 years ago
- C# port of the Get-AppLockerPolicy PS cmdlet☆100Dec 8, 2022Updated 3 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- ☆155Jul 31, 2022Updated 3 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123May 22, 2021Updated 4 years ago
- Patch AMSI and ETW☆250May 8, 2024Updated last year
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly☆15Jul 15, 2021Updated 4 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆119Apr 22, 2021Updated 4 years ago
- UUID based Shellcode loader for your favorite C2☆86Dec 8, 2021Updated 4 years ago
- A simple COM server which provides a component to run shellcode☆148May 12, 2020Updated 5 years ago
- Finding SSL Blindspots for Red Teams☆34Jul 28, 2020Updated 5 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆772Sep 4, 2024Updated last year