mimorep / Indirect-Shellcode-ExecutorLinks
Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered by DarkCoderSc. It exploits the nature of the in/out pointer param named *lpNumberOfBytesRead, that enables to write into process memory without calling common API methods to do so such as memcpy, this is perfe…
☆82Updated 2 months ago
Alternatives and similar repositories for Indirect-Shellcode-Executor
Users that are interested in Indirect-Shellcode-Executor are comparing it to the libraries listed below
Sorting:
- A Mythic agent for Windows written in C☆153Updated last week
- A BOF to enumerate system process, their protection levels, and more.☆124Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Updated last year
- Lateral movement with DCOM DLL hijacking☆176Updated 7 months ago
- PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin☆121Updated last month
- Agent for AdaptixC2 with focus in evasion, capability and malleable.☆140Updated this week
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆155Updated 10 months ago
- Linker for Beacon Object Files☆147Updated this week
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆135Updated 9 months ago
- ☆126Updated last year
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆99Updated 6 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆222Updated 3 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆85Updated 9 months ago
- Windows Persistence IT-Security☆109Updated 10 months ago
- Shellcode loader☆100Updated last year
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆184Updated 3 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆128Updated last week
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆99Updated last week
- ☆55Updated 8 months ago
- Modern PIC implant for Windows (64 & 32 bit)☆105Updated 6 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆199Updated 9 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆194Updated last year
- Port of Cobalt Strike's Process Inject Kit☆190Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆101Updated last year
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆165Updated 4 months ago
- Stage 0☆169Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆121Updated 6 months ago
- BOF to steal Teams cookies☆123Updated 3 months ago
- sideloading PoC using onedrive.exe & version.dll☆91Updated 3 months ago
- ☆145Updated 3 months ago