praetorian-inc / vulcan
a tool to make it easy and fast to test various forms of injection
☆173Updated 6 years ago
Alternatives and similar repositories for vulcan:
Users that are interested in vulcan are comparing it to the libraries listed below
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆157Updated 5 years ago
- Lateral Movement technique using DCOM and HTA☆233Updated 2 years ago
- Code from this article: https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/☆175Updated 4 years ago
- Neutering Sysmon via driver unload☆228Updated 2 years ago
- PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)☆325Updated 6 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆257Updated 6 years ago
- lateral movement techniques that can be used during red team exercises☆271Updated 5 years ago
- A repository of some of my Windows 10 Device Guard Bypasses☆136Updated 7 years ago
- AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.☆387Updated 5 years ago
- Evading WinDefender ATP credential-theft☆255Updated 5 years ago
- ☆229Updated 6 years ago
- DLL Generator for side loading attack☆171Updated 6 years ago
- Collection of CSharp Assemblies focused on Post-Exploitation Capabilities☆228Updated 5 years ago
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆113Updated 5 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆245Updated 4 years ago
- Custom Metasploit post module to executing a .NET Assembly from Meterpreter session☆346Updated 4 years ago
- Scripts for performing and detecting parent PID spoofing☆146Updated 4 years ago
- A list of ways to execute code on Windows using legitimate Windows tools☆307Updated 5 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET☆146Updated 5 years ago
- ☆253Updated 6 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆216Updated 5 years ago
- Presentation material presented by Outflank team members at public events.☆187Updated 4 months ago
- FLARE Kernel Shellcode Loader☆177Updated 6 years ago
- Shellcoding utilities☆222Updated 4 years ago
- UAC Bypass with mmc via alpc☆156Updated 6 years ago
- Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.�☆204Updated 7 years ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects☆248Updated 4 years ago
- ☆151Updated 4 years ago
- The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into a…☆345Updated 5 months ago
- A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4M…☆90Updated 5 years ago