A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into Normal Mode.
☆16Nov 6, 2021Updated 4 years ago
Alternatives and similar repositories for To-Safe-Mode-And-Beyond
Users that are interested in To-Safe-Mode-And-Beyond are comparing it to the libraries listed below
Sorting:
- Caesar-Cipher based encryption☆29Mar 1, 2021Updated 5 years ago
- Collection of BOFs for Cobalt Strike☆32Mar 28, 2023Updated 2 years ago
- ☆43Jul 6, 2022Updated 3 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- A PE morphing tool that allows you to mimic one executable file to another.☆11Dec 6, 2023Updated 2 years ago
- A custom run space to bypass AMSI and Constrained Language mode in PowerShell.☆21May 17, 2023Updated 2 years ago
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- Generate droppers with encrypted payloads automatically.☆54Nov 16, 2021Updated 4 years ago
- ☆14Sep 26, 2023Updated 2 years ago
- CloudFlare Worker Shell☆14Aug 29, 2020Updated 5 years ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆13Jul 16, 2025Updated 7 months ago
- ps-like .NET Assembly for enumerating processes on the current machine or a remote machine.☆13Aug 12, 2019Updated 6 years ago
- Proper Payload Protection Prevents Poor Performance☆76Jul 27, 2022Updated 3 years ago
- D/Invoke port of UrbanBishop☆30Dec 13, 2020Updated 5 years ago
- ☆31Aug 23, 2020Updated 5 years ago
- Nim version of MDSec's Parallel Syscall PoC☆124Jan 14, 2022Updated 4 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- fyyre.l2-fashion.de .. old site☆17Apr 27, 2022Updated 3 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC☆13Mar 17, 2022Updated 3 years ago
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.☆49Dec 31, 2021Updated 4 years ago
- Using syscall to load shellcode, Evasion techniques☆27Jul 18, 2021Updated 4 years ago
- Shellcode injection using debugging APIs☆19Jan 13, 2014Updated 12 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- A PowerShell script to prevent Sysmon from writing its events☆17Apr 23, 2020Updated 5 years ago
- ☆15Feb 9, 2022Updated 4 years ago
- ☆53Nov 11, 2021Updated 4 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- COFF and BOF Loader written in Nim☆174Aug 1, 2022Updated 3 years ago
- This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes☆21Mar 11, 2021Updated 4 years ago
- ☆16Dec 20, 2021Updated 4 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- ☆13Aug 13, 2019Updated 6 years ago
- Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, P…☆124Feb 17, 2026Updated 2 weeks ago
- This script runs multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft Word documents (.doc,.doc…☆33Jul 24, 2020Updated 5 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆70Jun 25, 2024Updated last year
- A simple C++ Windows tool to get information about processes exposing named pipes.☆40Mar 6, 2025Updated last year
- Perform Windows domain enumeration via LDAP☆37Jun 7, 2022Updated 3 years ago
- Just another useless C2 occupying space in some HDD somewhere.☆21Jul 4, 2023Updated 2 years ago