paranoidninja / BRC4-Seminar-Stage-ILinks
These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be found here:
☆20Updated last year
Alternatives and similar repositories for BRC4-Seminar-Stage-I
Users that are interested in BRC4-Seminar-Stage-I are comparing it to the libraries listed below
Sorting:
- ☆59Updated last year
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- Bunch of BOF files☆33Updated 2 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated last year
- ☆47Updated 2 years ago
- Example of using Sleep to create better named pipes.☆41Updated last year
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆38Updated 7 months ago
- in-process powershell runner for BRC4☆45Updated last year
- Click Once + App Domain☆62Updated last year
- Python module for running BOFs☆71Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆85Updated 2 years ago
- A care package of useful bofs for red team engagments☆55Updated 7 months ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…☆51Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆22Updated last year
- BOF for C2 framework☆41Updated 8 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 5 months ago
- Sniffing files generator☆59Updated 4 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆90Updated 2 years ago
- EvtPsst☆55Updated last year
- Rewrite to fit my needs☆28Updated 11 months ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆22Updated 2 years ago
- miscellaneous codes☆35Updated last year
- malleable profile generator GUI for Havoc☆55Updated 2 years ago
- ☆43Updated last year
- ☆36Updated last year
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation☆31Updated 2 years ago
- Lateral Movement via the .NET Profiler☆82Updated 7 months ago
- Proxy function calls through the thread pool with ease☆28Updated 4 months ago