plackyhacker / Sys-Calls
An example of using Syscalls in C# to get a meterpreter shell.
☆107Updated 2 years ago
Related projects: ⓘ
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆137Updated 7 months ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆101Updated last year
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆134Updated 4 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆109Updated 10 months ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆177Updated 2 years ago
- Hookers are cooler than patches.☆167Updated 2 years ago
- Simple C# implementation of PowerUpSQL☆91Updated 2 months ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆137Updated 2 years ago
- ☆138Updated this week
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆82Updated last year
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆139Updated 2 years ago
- Patch AMSI and ETW☆227Updated 4 months ago
- A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.☆69Updated 4 years ago
- ☆135Updated 2 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆164Updated 2 years ago
- Find .net assemblies locally☆85Updated last year
- Beacon Object File & C# project to check LDAP signing☆161Updated last month
- POC for frustrating/defeating Malware Analysts☆149Updated 2 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆167Updated 6 months ago
- ☆105Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆93Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆87Updated 2 years ago
- ☆87Updated 2 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆182Updated 3 years ago
- ☆107Updated this week
- Tool for playing with Windows Access Token manipulation.☆50Updated last year
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆153Updated 2 years ago
- ☆140Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago