passthehashbrowns / BOFMask
☆115Updated last year
Alternatives and similar repositories for BOFMask:
Users that are interested in BOFMask are comparing it to the libraries listed below
- ☆122Updated 5 months ago
- ☆120Updated last year
- BOF with Synthetic Stackframe☆108Updated 3 weeks ago
- Simple BOF to read the protection level of a process☆114Updated last year
- ☆123Updated last year
- Implant drop-in for EDR testing☆134Updated last year
- ☆93Updated 5 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆82Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- ☆138Updated last year
- Lateral Movement via the .NET Profiler☆79Updated 2 months ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆149Updated last year
- ☆94Updated last month
- AzureAD beacon object files☆109Updated 2 months ago
- ☆134Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆224Updated last year
- ☆151Updated last year
- ☆127Updated last year
- I have documented all of the AMSI patches that I learned till now☆74Updated last year
- ☆78Updated last year
- TypeLib persistence technique☆107Updated 3 months ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆147Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated 2 years ago
- Just another C2 Redirector using CloudFlare.☆86Updated 9 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆90Updated 2 years ago
- ☆180Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆73Updated last month