praetorian-inc / vulcanView external linksLinks
a tool to make it easy and fast to test various forms of injection
☆172May 2, 2019Updated 6 years ago
Alternatives and similar repositories for vulcan
Users that are interested in vulcan are comparing it to the libraries listed below
Sorting:
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- Process reimaging proof of concept code☆97Jun 21, 2019Updated 6 years ago
- Evading WinDefender ATP credential-theft☆256Dec 2, 2019Updated 6 years ago
- ☆42Aug 10, 2019Updated 6 years ago
- Tool for injecting a "TCP Relay" managed assembly into unmanaged processes☆117May 23, 2019Updated 6 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Feb 28, 2019Updated 6 years ago
- Collection of CSharp Assemblies focused on Post-Exploitation Capabilities☆233May 30, 2019Updated 6 years ago
- Lateral Movement technique using DCOM and HTA☆235Oct 18, 2022Updated 3 years ago
- ☆54Apr 27, 2019Updated 6 years ago
- Provides In-memory compilation and reflective loading of C# apps for AV evasion.☆372Feb 23, 2024Updated last year
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆824Mar 10, 2022Updated 3 years ago
- Also known by Microsoft as Knifecoat☆1,151Dec 22, 2022Updated 3 years ago
- ☆350Feb 21, 2022Updated 3 years ago
- ☆110May 14, 2018Updated 7 years ago
- Library for using direct system calls☆36Jan 30, 2025Updated last year
- External C2 Using IE COM Objects☆101Feb 24, 2019Updated 6 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects☆251Sep 26, 2020Updated 5 years ago
- ☆17Feb 29, 2020Updated 5 years ago
- Windows - Weaponizing privileged file writes with the Update Session Orchestrator service☆402Jun 6, 2020Updated 5 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Constrained Language Mode + AMSI bypass all in one☆158Jul 29, 2019Updated 6 years ago
- Helper script for mangling CS payloads☆51May 5, 2019Updated 6 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- Obfuscate specific windows apis with different apis☆1,021Feb 21, 2021Updated 4 years ago
- Managed assembly shellcode generation☆280Mar 19, 2021Updated 4 years ago
- A Bind Shell Using the Fax Service and a DLL Hijack☆330May 3, 2020Updated 5 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆79Feb 27, 2020Updated 5 years ago
- Ps-Tools, an advanced process monitoring toolkit for offensive operations☆355Dec 1, 2020Updated 5 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆218Mar 5, 2020Updated 5 years ago
- ☆24Sep 26, 2021Updated 4 years ago
- ☆54Aug 13, 2018Updated 7 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆220May 3, 2023Updated 2 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago
- ☆482Jun 2, 2023Updated 2 years ago
- CobaltStrike External C2 for Websockets☆197Jul 16, 2019Updated 6 years ago
- Pypykatz agent implemented in .NET☆84Mar 15, 2019Updated 6 years ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 2 years ago