nullsection / Sneaky-DLL-Stager

Related projects ⓘ

Alternatives and complementary repositories for Sneaky-DLL-Stager

• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆47Updated 8 months ago
• susMdT / SharpAgent
  C# havoc implant
  ☆96Updated last year
• REDMED-X / InjectKit
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆88Updated 9 months ago
• 0xv1n / Havoc-ProfileGenerator
  malleable profile generator GUI for Havoc
  ☆56Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Updated 4 months ago
• MayerDaniel / profiler-lateral-movement
  Lateral Movement via the .NET Profiler
  ☆76Updated 5 months ago
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆30Updated last year
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆68Updated last year
• ps1337 / Lastenzug
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆25Updated 2 years ago
• NVISOsecurity / cs2br-bof
  ☆59Updated 3 months ago
• jsecu / BOF-pack-1
  A care package of useful bofs for red team engagments
  ☆48Updated 2 years ago
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆86Updated 2 years ago
• waawaa / AMSI_Rubeus_bypass
  ☆61Updated 2 years ago
• fanbyprinciple / bin2shellcode
  .bin file to shellcode convertor
  ☆28Updated 4 months ago
• An00bRektn / gopher47
  A third-party Gopher Assassin for the Havoc Framework.
  ☆44Updated 10 months ago
• 0xthirteen / reg_snake
  Python tool to interact with WMI StdRegProv
  ☆43Updated this week
• NotMedic / Invoke-Nanodump
  HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection
  ☆53Updated 2 years ago
• weaselsec / ClickOnce-AppDomain-Manager-Injection
  Click Once + App Domain
  ☆62Updated 11 months ago
• rasta-mouse / SpawnWith
  ☆92Updated 8 months ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• cybersectroll / TrollDump
  ☆79Updated 6 months ago
• puzzlepeaches / NTLMRecon
  Enumerate information from NTLM authentication enabled web endpoints 🔎
  ☆35Updated last year
• rasta-mouse / KerbApp
  ☆28Updated 5 months ago
• Bl4ckM1rror / PEAs
  ☆58Updated 11 months ago
• Octoberfest7 / Cohab_Processes
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆81Updated last year
• Patrick0x41 / BOF_All_Things
  Beacon Object Files (BOF) for Cobalt Strike.
  ☆28Updated 2 months ago
• gerbsec / SmokeyObfuscator
  Rewrite to fit my needs
  ☆25Updated 4 months ago
• cybersectroll / SharpPersistSD
  ☆84Updated 6 months ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆69Updated last year
• eversinc33 / SharpStartWebclient
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆65Updated last year