paranoidninja / BRC4-Seminar-Stage-ILinks
These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be found here:
☆20Updated 2 years ago
Alternatives and similar repositories for BRC4-Seminar-Stage-I
Users that are interested in BRC4-Seminar-Stage-I are comparing it to the libraries listed below
Sorting:
- ☆47Updated 2 years ago
- ☆59Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆86Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated last year
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆22Updated 3 years ago
- Sniffing files generator☆59Updated 6 months ago
- A care package of useful bofs for red team engagments☆55Updated 8 months ago
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4!☆71Updated 4 months ago
- Click Once + App Domain☆63Updated last year
- Python module for running BOFs☆72Updated 2 years ago
- Slide decks and/or materials from conference presentations☆56Updated 2 years ago
- PoC XLL builder in Python/Nim☆47Updated 2 years ago
- malleable profile generator GUI for Havoc☆55Updated 2 years ago
- Find DLLs with RWX section☆81Updated 2 years ago
- RPC to WebClient startup☆46Updated last week
- Bunch of BOF files☆34Updated 2 months ago
- ☆79Updated 2 years ago
- ☆34Updated 5 months ago
- Lateral Movement via the .NET Profiler☆82Updated 9 months ago
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆39Updated 8 months ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆74Updated last year
- in-process powershell runner for BRC4☆47Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆40Updated 2 years ago
- Rewrite to fit my needs☆30Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 7 months ago
- Example of using Sleep to create better named pipes.☆41Updated 2 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆39Updated 3 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆51Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆22Updated last year