mr-r3bot / bof-modules
BOF for C2 framework
☆40Updated last week
Related projects ⓘ
Alternatives and complementary repositories for bof-modules
- ☆47Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- ☆28Updated 5 months ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆46Updated last month
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 4 months ago
- stack spoofing☆50Updated this week
- Example of using Sleep to create better named pipes.☆41Updated last year
- ☆27Updated 3 months ago
- Sample Rust Hooking Engine☆34Updated 7 months ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆30Updated last year
- A pure C version of SymProcAddress☆23Updated 8 months ago
- ☆37Updated 3 weeks ago
- Bunch of BOF files☆24Updated 9 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆57Updated 8 months ago
- Rewrite to fit my needs☆25Updated 4 months ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆16Updated 8 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆14Updated last year
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 6 months ago
- DFSCoerce exe revisited version with custom authentication☆36Updated 10 months ago
- Sniffing files generator☆38Updated this week
- Click Once + App Domain☆62Updated 11 months ago
- ☆26Updated 3 months ago
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…☆12Updated 7 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆37Updated 10 months ago
- A more reliable way of resolving syscall numbers in Windows☆49Updated 9 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- A process injection technique using only thread context manipulation☆23Updated 11 months ago
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆42Updated 3 months ago