Reflective DLL Injection with obfuscated (XOR) shellcode
☆73Dec 13, 2020Updated 5 years ago
Alternatives and similar repositories for XORedReflectiveDLL
Users that are interested in XORedReflectiveDLL are comparing it to the libraries listed below
Sorting:
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆218Mar 5, 2020Updated 5 years ago
- Standalone version of my AES Powershell payload for Cobalt Strike.☆111Dec 27, 2019Updated 6 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike☆191Jul 14, 2021Updated 4 years ago
- ☆14Sep 22, 2019Updated 6 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- Walking the PEB in VBA☆24Apr 6, 2020Updated 5 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆85Dec 20, 2019Updated 6 years ago
- Call your own DLL from VBA and execute code under process svchost.exe with WMI☆12Mar 6, 2020Updated 5 years ago
- Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger☆58Oct 7, 2020Updated 5 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread☆119Apr 9, 2019Updated 6 years ago
- ☆113Aug 5, 2020Updated 5 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows☆143Jul 11, 2020Updated 5 years ago
- Remote code execution in Power Platform connectors via JSON deserialization☆23Mar 30, 2023Updated 2 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆126Sep 19, 2019Updated 6 years ago
- Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…☆233Mar 18, 2024Updated last year
- .NET 4.0 Scheduled Job Lateral Movement☆90Aug 25, 2020Updated 5 years ago
- ☆13Oct 20, 2021Updated 4 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- C# 编写的用于 Dropbox 文件上传☆20Jan 16, 2022Updated 4 years ago
- We developed GRAT2 Command & Control (C2) project for learning purpose.☆414Dec 19, 2020Updated 5 years ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- WMI Event Subscription Persistence in C#☆112May 29, 2019Updated 6 years ago
- A collection of Cobalt Strike Malleable C2 profiles☆36Oct 13, 2020Updated 5 years ago
- C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed☆244Aug 12, 2020Updated 5 years ago
- OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…☆538Sep 18, 2022Updated 3 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- ☆16Sep 23, 2021Updated 4 years ago
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- Shellcoding utilities☆225Dec 16, 2020Updated 5 years ago
- Run shellcode from resource☆259Dec 13, 2020Updated 5 years ago
- The program is designed to obfuscate the shellcode.☆203Jul 13, 2021Updated 4 years ago
- Loads any C# binary in mem, patching AMSI + ETW.☆839Oct 3, 2021Updated 4 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆220May 3, 2023Updated 2 years ago
- SimpleShellcodeInjector receives as an argument a shellcode in hex and executes it. It DOES NOT inject the shellcode in a third party ap…☆258Apr 19, 2021Updated 4 years ago
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆469Mar 8, 2023Updated 2 years ago