Exploiting the KsecDD Windows driver through Server Silos
☆77 · Nov 11, 2024 · Updated last year
Alternatives and similar repositories for KexecDDPlus
Users that are interested in KexecDDPlus are comparing it to the libraries listed below
- ☆31 · Dec 5, 2024 · Updated last year
- An impacket-lite cli tool that combines many useful impacket functions using a single session. ☆57 · Jan 14, 2026 · Updated 2 months ago
- ☆33 · Jan 23, 2025 · Updated last year
- ☆54 · Mar 26, 2025 · Updated 11 months ago
- Impersonate Tokens using only NTAPI functions ☆84 · Apr 4, 2025 · Updated 11 months ago
- TypeLib persistence technique ☆141 · Oct 22, 2024 · Updated last year
- Admin to Kernel code execution using the KSecDD driver ☆264 · Apr 19, 2024 · Updated last year
- ☆26 · Nov 8, 2024 · Updated last year
- ☆31 · Jul 26, 2024 · Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆268 · Apr 8, 2025 · Updated 11 months ago
- A VSCode plugin to assist with BOF development. ☆37 · Aug 14, 2024 · Updated last year
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau. ☆24 · Jul 5, 2023 · Updated 2 years ago
- List web account manager (WAM) accounts added to the current profile ☆24 · Dec 11, 2025 · Updated 3 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆384 · Dec 13, 2024 · Updated last year
- ☆410 · Dec 8, 2024 · Updated last year
- Dump the memory of any PPL with a Userland exploit chain ☆352 · Mar 17, 2023 · Updated 3 years ago
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.… ☆117 · Oct 20, 2024 · Updated last year
- Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning ☆137 · Dec 7, 2025 · Updated 3 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆73 · Apr 13, 2025 · Updated 11 months ago
- OpenHashAPI provides a secure method of communicating hashes and enables lightweight workflows for security practitioners and enthusiasts… ☆13 · Oct 27, 2024 · Updated last year
- "Service-less" driver loading ☆184 · Nov 28, 2024 · Updated last year
- Find world writable directories that contain a .exe or .dll file ☆13 · Aug 31, 2021 · Updated 4 years ago
- ☆108 · Aug 21, 2024 · Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆335 · Mar 6, 2025 · Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆216 · Oct 19, 2024 · Updated last year
- A simple rpc2socks alternative in pure Go. ☆31 · Jul 8, 2024 · Updated last year
- A set of programs for analyzing common vulnerabilities in COM ☆249 · Sep 8, 2024 · Updated last year
- ☆244 · May 5, 2024 · Updated last year
- Demonstrate calling a kernel function and handle process creation callback against HVCI ☆84 · Dec 21, 2022 · Updated 3 years ago
- ☆87 · Jan 21, 2025 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆283 · Sep 18, 2024 · Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆251 · Jul 9, 2024 · Updated last year
- Python tool to interact with WMI StdRegProv ☆60 · Nov 19, 2024 · Updated last year
- BOF to terminate a process via PID as argument ☆28 · Sep 7, 2025 · Updated 6 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆45 · Apr 27, 2023 · Updated 2 years ago
- ☆84 · May 19, 2024 · Updated last year
- Activation Context Hijack ☆172 · Aug 3, 2025 · Updated 7 months ago
- Tool for viewing NTDS.dit ☆196 · Mar 14, 2025 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆136 · Jan 2, 2023 · Updated 3 years ago