A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
☆39 Aug 8, 2022 Updated 3 years ago
Alternatives and similar repositories for CustomXMLPart
Users that are interested in CustomXMLPart are comparing it to the libraries listed below
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆90 Dec 15, 2022 Updated 3 years ago
- ☆29 May 10, 2024 Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆30 Jan 30, 2025 Updated last year
- Event Data Collector ☆39 Jan 12, 2026 Updated last month
- A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within. ☆33 Dec 5, 2022 Updated 3 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve. ☆20 Apr 11, 2014 Updated 11 years ago
- Playing with PE's and Building Structures by Hand ☆22 Apr 21, 2022 Updated 3 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro… ☆25 May 19, 2022 Updated 3 years ago
- Serverless Redirector in various cloud vendor for red team ☆73 Dec 8, 2022 Updated 3 years ago
- Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+ ☆35 Dec 1, 2025 Updated 2 months ago
- C code to enable ETW tracing for Dotnet Assemblies ☆32 Aug 12, 2022 Updated 3 years ago
- ☆123 Oct 9, 2023 Updated 2 years ago
- A C# Tool to gather information about email breaches ☆16 Dec 21, 2023 Updated 2 years ago
- ☆109 Feb 17, 2025 Updated last year
- API Hammering with C++20 ☆50 Jul 21, 2022 Updated 3 years ago
- Hookers are cooler than patches. ☆170 Jan 21, 2022 Updated 4 years ago
- ☆170 Jan 7, 2022 Updated 4 years ago
- A work in progress BOF/COFF loader in Rust ☆50 Mar 22, 2023 Updated 2 years ago
- Modify managed functions from unmanaged code ☆53 Feb 1, 2024 Updated 2 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load ☆21 Aug 26, 2020 Updated 5 years ago
- A simple rpc2socks alternative in pure Go. ☆31 Jul 8, 2024 Updated last year
- Beacon Object File to locate and suspend the threads hosting the Event Log service ☆29 Jun 17, 2022 Updated 3 years ago
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa… ☆1,051 Oct 14, 2025 Updated 4 months ago
- Generate password spraying lists based on the pwdLastSet-attribute of users. ☆55 Dec 6, 2023 Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆536 Aug 1, 2022 Updated 3 years ago
- Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments. ☆148 Dec 13, 2021 Updated 4 years ago
- Living Off the Foreign Land setup scripts ☆74 Feb 26, 2025 Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 May 11, 2023 Updated 2 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms ☆135 Dec 20, 2022 Updated 3 years ago
- HTML Smuggling with Web Assembly ☆66 Feb 20, 2024 Updated 2 years ago
- This is a 64 bit VBA implementation of Christophe Tafani-Dereeper's original VBA code described in his blog @ https://blog.christophetd.f… ☆21 Feb 2, 2020 Updated 6 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 Nov 24, 2022 Updated 3 years ago
- A quick and dirty way to bypass encrypted EPA to connect to a NetScaler Gateway ☆20 Oct 11, 2019 Updated 6 years ago
- ☆57 Apr 19, 2023 Updated 2 years ago
- Running .NET from VBA ☆148 Feb 11, 2023 Updated 3 years ago
- Collection of self-made Red Team tools that have come in handy ☆12 Aug 25, 2024 Updated last year
- About C# loader that copies a chunk at a time of the shellcode in memory in a suspended process, rather than all at once ☆13 Jul 14, 2022 Updated 3 years ago
- (PoC) Tiny Excel BIFF8 Generator, to Embedded 4.0 Macros in xls files without Excel. ☆44 Aug 1, 2021 Updated 4 years ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS… ☆14 Feb 23, 2022 Updated 4 years ago