shubham0d / UAC-bypass-using-dll-injection

Related projects: ⓘ

• netbiosX / AMSI-Provider
  A fake AMSI Provider which can be used for persistence.
  ☆134Updated 3 years ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆93Updated last year
• Sh0ckFR / InlineWhispers2
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆177Updated 2 years ago
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆87Updated 2 years ago
• pwn1sher / CS-BOFs
  Collection of CobaltStrike beacon object files
  ☆100Updated 2 years ago
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆94Updated 3 years ago
• CCob / SylantStrike
  Simple EDR implementation to demonstrate bypass
  ☆152Updated 4 years ago
• SecIdiot / FOLIAGE
  ☆99Updated this week
• Barbarisch / forkatz
  credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
  ☆121Updated 3 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆82Updated last year
• fozavci / WeaponisingCSharp-Fundamentals
  Weaponising C# - Fundamentals Training Content
  ☆71Updated 3 years ago
• boku7 / Nobelium-PdfDLRunAesShellcode
  A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
  ☆100Updated last year
• rxwx / cs-rdll-ipc-example
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆108Updated 4 years ago
• 0xVIC / myAPPLockerBypassSummary
  Simple APPLocker bypass summary
  ☆39Updated 5 years ago
• FULLSHADE / WarFox
  ☆150Updated this week
• SecIdiot / TitanLdr
  ☆87Updated this week
• Cobalt-Strike / unhook-bof
  Remove API hooks from a Beacon process.
  ☆54Updated 2 years ago
• shogunlab / Mochi
  Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.
  ☆98Updated 2 years ago
• Ben0xA / DoUCMe
  ☆69Updated 3 years ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• jfmaes / Invoke-DLLClone
  Koppeling x Metatwin x LazySign
  ☆200Updated 3 years ago
• Wh04m1001 / DiagTrackEoP
  ☆87Updated 2 years ago
• nettitude / RunOF
  ☆140Updated last year
• plackyhacker / Peruns-Fart
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆105Updated 2 years ago
• rookuu / BOFs
  Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.
  ☆164Updated 3 years ago
• jfmaes / SharpRDPDump
  ☆88Updated this week
• reevesrs24 / EvasiveProcessHollowing
  Evasive Process Hollowing Techniques
  ☆132Updated 4 years ago
• jbaines-r7 / shakeitoff
  Windows MSI Installer LPE (CVE-2021-43883)
  ☆76Updated 2 years ago
• N4kedTurtle / LocalDllParse
  ☆53Updated 2 years ago