nbaertsch / AutoAppDomainHijackLinks
Automated .NET AppDomain hijack payload generation
☆127Updated 6 months ago
Alternatives and similar repositories for AutoAppDomainHijack
Users that are interested in AutoAppDomainHijack are comparing it to the libraries listed below
Sorting:
- Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)☆72Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆122Updated 10 months ago
- ☆90Updated last year
- ☆107Updated 5 months ago
- A C# port from Invoke-GhostTask☆117Updated last year
- Abuse leaked token handles.☆132Updated last year
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆88Updated 3 weeks ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆78Updated 5 months ago
- A BOF to enumerate system process, their protection levels, and more.☆117Updated 8 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆56Updated 7 months ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆157Updated last year
- Lateral Movement☆124Updated last year
- ☆189Updated 4 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Terminate AV/EDR leveraging BYOVD attack☆89Updated 4 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆153Updated last year
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- ☆82Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆115Updated 2 weeks ago
- Construct the payload at runtime using an array of offsets☆63Updated last year
- A Mythic agent for Windows written in C☆131Updated 2 weeks ago
- Lateral movement with DCOM DLL hijacking☆133Updated last month
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆50Updated 2 months ago
- C++ Staged Shellcode Loader with Evasion capabilities.☆94Updated 9 months ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆89Updated last year
- C# havoc implant☆101Updated 2 years ago
- this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)☆83Updated last year
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆140Updated 4 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆186Updated 5 months ago