mdsecactivebreach / firewalker
β146Updated 4 years ago
Related projects: β
- Collection of beacon object files for use with Cobalt Strike to facilitate π.β164Updated 3 years ago
- PoC to demonstrate how CLR ETW events can be tampered.β184Updated 4 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThreadβ119Updated 5 years ago
- Shellcode injector using direct syscallsβ116Updated 4 years ago
- Example code for using named pipe output with beacon ReflectiveDLLsβ108Updated 4 years ago
- POC for NetworkService PrivEscβ122Updated 4 years ago
- A fake AMSI Provider which can be used for persistence.β134Updated 3 years ago
- β111Updated 4 years ago
- Cobalt Strike Beacon Object Filesβ158Updated 2 years ago
- β131Updated this week
- Example code for EDR bypassingβ149Updated 5 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilegeβ121Updated 3 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().β213Updated 4 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or proβ¦β265Updated last year
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userlaβ¦β119Updated 2 years ago
- Simple EDR implementation to demonstrate bypassβ152Updated 4 years ago
- Evasive Process Hollowing Techniquesβ132Updated 4 years ago
- Source code for HppDLL - local password dumping using MsvpPasswordValidate hooksβ1Updated 3 years ago
- Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object Fileβ184Updated 3 years ago
- β88Updated this week
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe processβ97Updated last year
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.β212Updated last year
- My CobaltStrike BOFSβ156Updated 2 years ago
- New UAC bypass for Silent Cleanup for CobaltStrikeβ187Updated 3 years ago
- Cobalt Strike Aggressor extension for Visual Studio Codeβ123Updated 2 months ago
- Evading WinDefender ATP credential-theftβ251Updated 4 years ago
- Remove API hooks from a Beacon process.β263Updated 3 years ago
- MSBuild without MSbuild.exeβ129Updated 3 years ago
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFsβ117Updated 2 years ago