rbmm / ARL
☆22Updated 3 weeks ago
Related projects ⓘ
Alternatives and complementary repositories for ARL
- RunPE adapted for x64 and written in C, does not use RWX☆24Updated 5 months ago
- Cobalt Strike notifications via NTFY.☆13Updated last month
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆26Updated last week
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- Self Delete DLL☆23Updated 8 months ago
- Just another Process Injection using Process Hollowing technique.☆16Updated last year
- ☆21Updated 6 months ago
- ☆25Updated 3 weeks ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 5 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆32Updated last year
- Collect Windows telemetry for Maldev☆36Updated this week
- Bunch of BOF files☆23Updated 8 months ago
- ☆35Updated 2 weeks ago
- BOF for C2 framework☆40Updated this week
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- .NET port of Leron Gray's azbelt tool.☆26Updated last year
- ☆26Updated 11 months ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆44Updated last month
- Sniffing files generator☆19Updated this week
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Updated last year
- ☆27Updated 5 months ago
- ☆47Updated last year
- Attack chain emulator. Write recipes for initial access easily☆20Updated last year
- An example of COM hijacking using a proxy DLL.☆24Updated 3 years ago
- ☆14Updated 8 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 3 months ago