p3nt4 / RunDLL.Net

Related projects ⓘ

Alternatives and complementary repositories for RunDLL.Net

• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 3 years ago
• NVISOsecurity / DInvisibleRegistry
  DInvisibleRegistry
  ☆81Updated 3 years ago
• badBounty / directInjectorPOC
  Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.
  ☆83Updated 4 years ago
• CCob / ProvisionAppx
  ☆37Updated 2 years ago
• GetRektBoy724 / TripleS
  Extracting Syscall Stub, Modernized
  ☆61Updated 2 years ago
• FuzzySecurity / Dendrobate
  Managed code hooking template.
  ☆128Updated 2 years ago
• outflanknl / TamperETW
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆185Updated 4 years ago
• Soledge / BlockEtw
  .Net Assembly to block ETW telemetry in current process
  ☆75Updated 4 years ago
• MartinIngesen / TokenStomp
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆139Updated 2 years ago
• Barbarisch / forkatz
  credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
  ☆121Updated 3 years ago
• mez-0 / InMemoryNET
  Exploring in-memory execution of .NET
  ☆133Updated 2 years ago
• py7hagoras / GetSystem
  This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of alm…
  ☆105Updated last year
• plackyhacker / Peruns-Fart
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆104Updated 2 years ago
• JohnWoodman / stealthInjector
  Injects shellcode into remote processes using direct syscalls
  ☆74Updated 3 years ago
• slyd0g / SK8RAT
  C++ implant that interfaces with a SK8PARK server
  ☆47Updated 3 years ago
• S3cur3Th1sSh1t / RDPThiefInject
  RDPThief donut shellcode inject into mstsc
  ☆75Updated 3 years ago
• slyd0g / LNKMod
  C# project to create or modify existing LNKs
  ☆52Updated 2 years ago
• Adepts-Of-0xCC / MiniDumpWriteDumpPoC
  MiniDumpWriteDump behavior modification hook
  ☆49Updated 3 years ago
• rasta-mouse / ExternalC2.NET
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆83Updated 2 years ago
• Kara-4search / FullDLLUnhooking_CSharp
  Unhook DLL via cleaning the DLL 's .text section
  ☆8Updated 3 years ago
• jhalon / SharpCall
  Simple PoC demonstrating syscall execution in C#
  ☆152Updated 4 years ago
• r3nhat / XORedReflectiveDLL
  Reflective DLL Injection with obfuscated (XOR) shellcode
  ☆72Updated 3 years ago
• rxwx / cs-rdll-ipc-example
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆110Updated 4 years ago
• jfmaes / SharpNukeEventLog
  nuke that event log using some epic dinvoke fu
  ☆115Updated 3 years ago
• pwn1sher / CS-BOFs
  Collection of CobaltStrike beacon object files
  ☆99Updated 2 years ago
• rvrsh3ll / PELoader
  Load PE via XML Attribute
  ☆29Updated 4 years ago
• Aetsu / SLib
  SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#
  ☆62Updated last year
• plackyhacker / CmdLineSpoofer
  How to spoof the command line when spawning a new process from C#.
  ☆103Updated 2 years ago
• 0xB455 / AmsiBypass
  C# PoC implementation for bypassing AMSI via in memory patching
  ☆66Updated 4 years ago