smokeme / airstrike
☆155Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for airstrike
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆250Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆163Updated last month
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆155Updated last year
- Shaco is a linux agent for havoc☆144Updated last year
- A BOF to automate common persistence tasks for red teamers☆266Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 11 months ago
- ☆181Updated 7 months ago
- Patch AMSI and ETW☆232Updated 6 months ago
- ☆146Updated last year
- ☆175Updated 11 months ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆216Updated last year
- ☆207Updated 6 months ago
- ApexLdr is a DLL Payload Loader written in C☆105Updated 4 months ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆292Updated 2 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆123Updated 8 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆108Updated last month
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆146Updated 3 weeks ago
- Patching AmsiOpenSession by forcing an error branching☆144Updated last year
- ☆112Updated last year
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆78Updated 2 years ago
- Havoc C2 profile generator☆57Updated 3 weeks ago
- The Official Sliver Armory☆83Updated 3 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆270Updated this week
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs☆64Updated last year
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆227Updated last year
- PoC to coerce authentication from Windows hosts using MS-WSP☆225Updated last year
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆149Updated last year
- A variety of AV evasion techniques written in C# for practice.☆78Updated 3 years ago
- My implementation of the GIUDA project in C++☆159Updated last year