mertdas / RedPersist
☆215Updated last year
Alternatives and similar repositories for RedPersist:
Users that are interested in RedPersist are comparing it to the libraries listed below
- A Tool that aims to evade av with binary padding☆148Updated 9 months ago
- 🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.☆156Updated last year
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege☆204Updated last year
- ☆224Updated 11 months ago
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆238Updated 10 months ago
- Fileless atexec, no more need for port 445☆366Updated last year
- Weaponized HellsGate/SigFlip☆199Updated last year
- ☆116Updated last month
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Updated last year
- Terminate AV/EDR Processes using kernel driver☆341Updated last year
- Dumping LSASS with a duplicated handle from custom LSA plugin☆200Updated 3 years ago
- Use ESC1 to perform a makeshift DCSync and dump hashes☆205Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆226Updated last year
- Evasive Golang Loader☆131Updated 8 months ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆233Updated last year
- Leverage WindowsApp createdump tool to obtain an lsass dump☆148Updated 7 months ago
- ☆163Updated last year
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆133Updated 2 years ago
- TeamServer and Client of Exploration Command and Control Framework☆124Updated 3 weeks ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆224Updated 2 years ago
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆417Updated last year
- Terminate AV/EDR leveraging BYOVD attack☆83Updated last month
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.☆298Updated 2 years ago
- Attempt at Obfuscated version of SharpCollection☆206Updated last week
- ☆97Updated last year
- Escalate Service Account To LocalSystem via Kerberos☆394Updated last year
- Execute shellcode files with rundll32☆198Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆298Updated 5 months ago
- ☆327Updated 2 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆405Updated 10 months ago