nmantani / PS-MOTW
PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)
☆33Updated 10 months ago
Related projects: ⓘ
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆17Updated last year
- Reasonably undetected shellcode stager and executer.☆34Updated last week
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat…☆24Updated last year
- Extension functionality for the NightHawk operator client☆26Updated 10 months ago
- Windows Thread Pool Injection Havoc Implementation☆26Updated 5 months ago
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80☆18Updated 9 months ago
- Lifetime AMSI bypass.☆35Updated 2 months ago
- A pure C version of SymProcAddress☆23Updated 6 months ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆25Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 2 months ago
- Lurker is a cross-platform, companion implant to Cobalt Strike built with Go☆18Updated this week
- ☆23Updated last year
- ☆47Updated last year
- ☆42Updated this week
- ☆25Updated last week
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- .NET port of Leron Gray's azbelt tool.☆26Updated last year
- PowerShell script to generate ShellCode in various formats☆22Updated 2 weeks ago
- Some of the presentations, workshops, and labs I gave at public conferences.☆21Updated last week
- Source code and examples for PassiveAggression☆54Updated 3 months ago
- ☆45Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated 6 months ago
- ☆57Updated 9 months ago
- ☆62Updated last month
- Utilities for obfuscating shellcode☆38Updated 2 months ago
- ☆41Updated 8 months ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆11Updated 4 months ago
- Enumerate the Domain for Readable and Writable Shares☆15Updated 3 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆60Updated last year
- Self Delete DLL☆23Updated 7 months ago