mranv / adPentest
Windows Active Directory pentesting documentation.
☆16 · Updated 3 months ago
Related projects:
- Windows Thread Pool Injection, Havoc implementation (☆26 · Updated 5 months ago)
- NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg (☆46 · Updated 6 months ago)
- This is the combination of multiple evasion techniques to evade defenses (Dirty Vanity) (☆43 · Updated 4 months ago)
- Indirect syscall implementation to bypass userland NTAPI hooking (☆52 · Updated last month)
- Construct the payload at runtime using an array of offsets (☆59 · Updated 3 months ago)
- The Swiss army knife of evasion tools that bypasses AMSI, AppLocker, and CLM mode simultaneously (☆23 · Updated 6 months ago)
- Utilities for obfuscating shellcode (☆38 · Updated 2 months ago)
- Dirty PoC on how to abuse S1's VEH for vectored syscalls and local execution (☆31 · Updated 2 months ago)
- VirusTotal Stealer is a data exfiltration tool that exfiltrates Office documents and tunnels them over the VirusTotal API to the team server (☆62 · Updated 11 months ago)
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls (☆99 · Updated last week)
- Lifetime AMSI bypass (☆35 · Updated 2 months ago)
- A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless (☆39 · Updated 2 months ago)
- Section-based payload obfuscation technique for x64 (☆59 · Updated last month)
- BSides Prishtina 2024 Malware Development and Persistence workshop (☆51 · Updated last month)
- Two in one: patch the lifetime PowerShell console, no more ETW and AMSI! (☆79 · Updated 2 months ago)
- Huffman coding in shellcode obfuscation & dynamic indirect syscalls loader (☆75 · Updated 6 months ago)
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle… (☆104 · Updated 4 months ago)
- Malleable profile generator GUI for Havoc (☆53 · Updated last year)
- Rootkit for the blue team: sophisticated and optimized LKM to detect and prevent malicious activity (☆33 · Updated 4 months ago)
- Template-based generation of shellcode loaders (☆63 · Updated 5 months ago)
- Adaptive DLL hijacking / dynamic export forwarding, EAT preserved (☆72 · Updated last month)
- A pure C version of SymProcAddress (☆23 · Updated 6 months ago)
- Simple PoC library to execute arbitrary calls, proxying them via NdrServerCall2 or similar (☆106 · Updated last month)
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR (☆14 · Updated last year)
- .NET assembly loader with patchless AMSI and ETW bypass in Rust (☆19 · Updated last month)