A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
☆39Aug 8, 2022Updated 3 years ago
Alternatives and similar repositories for CustomXMLPart
Users that are interested in CustomXMLPart are comparing it to the libraries listed below
Sorting:
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆90Dec 15, 2022Updated 3 years ago
- API Hammering with C++20☆51Jul 21, 2022Updated 3 years ago
- ☆29May 10, 2024Updated last year
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve.☆20Apr 11, 2014Updated 11 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆25May 19, 2022Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Collection of self-made Red Team tools that have come in handy☆12Aug 25, 2024Updated last year
- ☆170Jan 7, 2022Updated 4 years ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- ☆110Feb 17, 2025Updated last year
- Serverless Redirector in various cloud vendor for red team☆73Dec 8, 2022Updated 3 years ago
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆31Jan 30, 2025Updated last year
- Event Data Collector☆39Jan 12, 2026Updated 2 months ago
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…☆1,061Oct 14, 2025Updated 5 months ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Living Off the Foreign Land setup scripts☆75Feb 26, 2025Updated last year
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within.☆33Dec 5, 2022Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments.☆148Dec 13, 2021Updated 4 years ago
- Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+☆36Dec 1, 2025Updated 3 months ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- Classic Bofa adapted to CobaltStrike.☆11Oct 4, 2022Updated 3 years ago
- Self Delete DLL☆22Feb 15, 2024Updated 2 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Generate password spraying lists based on the pwdLastSet-attribute of users.☆55Dec 6, 2023Updated 2 years ago
- Reverse-HTTP Redirector via DigitalOcean Apps Platform☆32Aug 16, 2023Updated 2 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Dec 6, 2018Updated 7 years ago
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆359Mar 2, 2024Updated 2 years ago
- Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality☆287Jun 26, 2023Updated 2 years ago
- .NET/PowerShell/VBA Offensive Security Obfuscator☆520Feb 1, 2024Updated 2 years ago