C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.
☆31Nov 9, 2021Updated 4 years ago
Alternatives and similar repositories for DoublePulsarPayload
Users that are interested in DoublePulsarPayload are comparing it to the libraries listed below
Sorting:
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- ☆38Oct 12, 2020Updated 5 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- ☆51Sep 18, 2020Updated 5 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆38Dec 13, 2020Updated 5 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆30Jul 12, 2021Updated 4 years ago
- Library for using direct system calls☆35Jan 30, 2025Updated last year
- CloudFlare Worker Shell☆14Aug 29, 2020Updated 5 years ago
- ☆12Aug 10, 2019Updated 6 years ago
- Client/server code that impersonates TLS 1.3 to disguise C2 activity.☆73Jul 25, 2022Updated 3 years ago
- MiniDumpWriteDump behavior modification hook☆50Feb 15, 2021Updated 5 years ago
- Loads shellcode from a resource file.☆22Aug 15, 2019Updated 6 years ago
- Weaponizing CLRvoyance for Post-Ex .NET Execution☆38Jul 15, 2021Updated 4 years ago
- A simple C implementation to decoded your shellcode and writes it directly to memory☆98Jul 10, 2020Updated 5 years ago
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago
- Shellcode injection using debugging APIs☆19Jan 13, 2014Updated 12 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC☆13Mar 17, 2022Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆79Feb 27, 2020Updated 6 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago
- Disable PPL via custom driver and dump lsass☆15Mar 13, 2021Updated 4 years ago
- ☆42Aug 10, 2019Updated 6 years ago
- WMI SA stuffs☆30Apr 18, 2022Updated 3 years ago
- Bypass UAC at any level by abusing the Task Scheduler and environment variables☆35Jul 12, 2021Updated 4 years ago
- ☆31Aug 23, 2020Updated 5 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets☆48Aug 4, 2021Updated 4 years ago
- A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.☆46Mar 1, 2021Updated 5 years ago
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx☆15Apr 26, 2021Updated 4 years ago
- AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.☆67Jun 14, 2020Updated 5 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Hijack Printconfig.dll to execute shellcode☆100Jan 15, 2021Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Dec 6, 2018Updated 7 years ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago