mr-r3bot / bof-modules
BOF for C2 framework
☆40Updated this week
Related projects ⓘ
Alternatives and complementary repositories for bof-modules
- Dynamically resolve API function addresses at runtime in a secure manner.☆44Updated last month
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- ☆47Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 4 months ago
- ☆27Updated 5 months ago
- ☆27Updated 2 months ago
- Example of using Sleep to create better named pipes.☆41Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#.☆30Updated last year
- ☆26Updated 3 months ago
- Threadless shellcode injection tool☆59Updated 3 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆70Updated 3 weeks ago
- DFSCoerce exe revisited version with custom authentication☆35Updated 9 months ago
- Sample Rust Hooking Engine☆34Updated 7 months ago
- Bypassing Amsi using LdrLoadDll☆22Updated 3 weeks ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆15Updated 8 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 5 months ago
- A pure C version of SymProcAddress☆23Updated 7 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆42Updated this week
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- ☆35Updated 2 weeks ago
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…☆12Updated 6 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆54Updated 7 months ago
- RunPE adapted for x64 and written in C, does not use RWX☆24Updated 5 months ago
- ☆46Updated last year
- Bunch of BOF files☆23Updated 9 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆21Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- shell code example☆14Updated 3 weeks ago