mgeeky / unhook-bof
Remove API hooks from a Beacon process.
☆14 · Sep 18, 2021 · Updated 4 years ago
Alternatives and similar repositories for unhook-bof
Users that are interested in unhook-bof are comparing it to the libraries listed below
- ☆23 · Apr 28, 2024 · Updated last year
- ☆25 · Jul 7, 2022 · Updated 3 years ago
- Quickly generate every payload type for each listener and optionally host via HTTP. ☆22 · Aug 23, 2021 · Updated 4 years ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode ☆14 · Jul 20, 2023 · Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. ☆138 · Sep 12, 2022 · Updated 3 years ago
- An injector that aims to be stealthy by using non suspicious API calls. Inspired by (https://github.com/FuzzySecurity/Sharp-Suite/tree/ma… ☆24 · Jun 17, 2020 · Updated 5 years ago
- A dotnet executable to get an Entra token in an authenticated runtime ☆15 · Oct 30, 2024 · Updated last year
- Managed code hooking template. ☆134 · Nov 19, 2021 · Updated 4 years ago
- MSBuild without MSbuild.exe ☆135 · Dec 21, 2020 · Updated 5 years ago
- Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce. ☆93 · Oct 24, 2020 · Updated 5 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process ☆70 · Jun 25, 2024 · Updated last year
- External C2 Using IE COM Objects ☆101 · Feb 24, 2019 · Updated 6 years ago
- A C# Tool to gather information about email breaches ☆16 · Dec 21, 2023 · Updated 2 years ago
- Code for blog written at 0xdarkvortex.dev Red Team TTPs Part 2 ☆19 · Oct 8, 2020 · Updated 5 years ago
- ☆13 · Jul 24, 2022 · Updated 3 years ago
- Helpful operator notes and techniques in actionable form ☆17 · Aug 11, 2023 · Updated 2 years ago
- Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893) ☆64 · Feb 14, 2022 · Updated 4 years ago
- UnhookMe is a universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red … ☆349 · Jul 3, 2022 · Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic ☆145 · Feb 23, 2022 · Updated 3 years ago
- Running .NET from VBA ☆149 · Feb 11, 2023 · Updated 3 years ago
- Executables on Disk? Bleh 🤮 ☆111 · May 11, 2023 · Updated 2 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a… ☆139 · Oct 1, 2022 · Updated 3 years ago
- code for the Proxy DLL example blog post ☆62 · Oct 29, 2021 · Updated 4 years ago
- Another Portable Executable files analysing stuff ☆21 · May 28, 2011 · Updated 14 years ago
- CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe ☆16 · Jul 6, 2019 · Updated 6 years ago
- Self delete DLL (2) ☆14 · Feb 15, 2024 · Updated 2 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti… ☆40 · Sep 23, 2021 · Updated 4 years ago
- ☆44 · Oct 16, 2023 · Updated 2 years ago
- My experience using Windows API for offensive purposes ☆17 · Jul 10, 2021 · Updated 4 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM ☆20 · Jul 19, 2025 · Updated 6 months ago
- A BOF tool that can be used to collect passwords using CredUIPromptForWindowsCredentialsName. ☆16 · Jun 16, 2022 · Updated 3 years ago
- ☆18 · Aug 19, 2021 · Updated 4 years ago
- A kernel rootkit with remote command and control interface for windows ☆109 · Jan 22, 2018 · Updated 8 years ago
- Remove API hooks from a Beacon process. ☆283 · Sep 18, 2021 · Updated 4 years ago
- CVE-2024-40711-exp ☆42 · Oct 17, 2024 · Updated last year
- ☆42 · Aug 10, 2019 · Updated 6 years ago
- Just learning around new stuff mostly Red Teaming and such but will try to see if I can update or simplify them more, nothing too exotic … ☆44 · Mar 20, 2022 · Updated 3 years ago
- ☆112 · Jul 24, 2023 · Updated 2 years ago
- initial commit ☆44 · Nov 19, 2024 · Updated last year