This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.
☆109Feb 14, 2023Updated 3 years ago
Alternatives and similar repositories for GetSystem
Users that are interested in GetSystem are comparing it to the libraries listed below
Sorting:
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆115Jun 7, 2021Updated 4 years ago
- .NET project for installing Persistence☆63Feb 14, 2022Updated 4 years ago
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs☆95Aug 1, 2022Updated 3 years ago
- A User Impersonation tool - via Token or Shellcode injection☆421May 21, 2022Updated 3 years ago
- SharpAddDomainMachine☆69Oct 12, 2021Updated 4 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆158Jul 22, 2021Updated 4 years ago
- Process Ghosting in C#☆220Jan 24, 2022Updated 4 years ago
- A small POC to make defender useless by removing its token privileges and lowering the token integrity☆690Jun 28, 2022Updated 3 years ago
- Patch AMSI and ETW☆249May 8, 2024Updated last year
- Beacon Object File PoC implementation of KillDefender☆236Apr 12, 2022Updated 3 years ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths.☆358Jan 29, 2022Updated 4 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- ShellcodeFluctuation PoC ported to Nim☆79Oct 14, 2022Updated 3 years ago
- .NET project for installing Persistence☆498Jun 26, 2024Updated last year
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- A simple hidden vnc.☆34Feb 19, 2021Updated 5 years ago
- .NET Project for Attacking vCenter☆553Nov 11, 2021Updated 4 years ago
- A Nim implementation of reflective PE-Loading from memory☆300Sep 5, 2024Updated last year
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- Beacon Object File (BOF) Creation Helper☆236May 3, 2022Updated 3 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- .NET Project for performing Authenticated Remote Execution☆405Feb 8, 2023Updated 3 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆104Apr 18, 2022Updated 3 years ago
- .NET, PE, & Raw Shellcode Packer/Loader Written in Nim☆816Jan 20, 2023Updated 3 years ago
- A Visual Studio template used to create Cobalt Strike BOFs☆323Nov 17, 2021Updated 4 years ago
- Misc TaskScheduler Plays☆238Sep 27, 2022Updated 3 years ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆322Sep 23, 2022Updated 3 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆374Sep 20, 2025Updated 5 months ago
- An easy way to getsystem by golang.☆55Aug 30, 2021Updated 4 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- ☆615Jul 21, 2025Updated 7 months ago
- PoC for UUID shellcode execution using DInvoke☆155Mar 8, 2021Updated 4 years ago
- A tool for converting SysWhispers2 syscalls for use with Nim projects☆125Dec 22, 2021Updated 4 years ago
- This is learning to write windows 32 api instance code in the golang language☆42Jan 14, 2022Updated 4 years ago