nbaertsch / AutoAppDomainHijackLinks
Automated .NET AppDomain hijack payload generation
☆127Updated 8 months ago
Alternatives and similar repositories for AutoAppDomainHijack
Users that are interested in AutoAppDomainHijack are comparing it to the libraries listed below
Sorting:
- Abuse leaked token handles.☆132Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆126Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆146Updated last year
- ☆109Updated 8 months ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆119Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- ☆91Updated last year
- Terminate AV/EDR leveraging BYOVD attack☆101Updated 7 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- A C# port from Invoke-GhostTask☆118Updated last year
- Create Anti-Copy DRM Malware☆67Updated last year
- Lateral Movement☆124Updated last year
- A modification to fortra's CVE-2023-28252 exploit, compiled to exe☆53Updated last year
- Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)☆75Updated last year
- ☆83Updated 5 months ago
- A BOF to enumerate system process, their protection levels, and more.☆120Updated 11 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆190Updated 8 months ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆142Updated 7 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆154Updated last year
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆86Updated 7 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆100Updated 7 months ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆157Updated last year
- ☆135Updated last month
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)☆83Updated last year
- Command and Control (C2) framework☆132Updated 5 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆52Updated 5 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆120Updated last year