synacktiv / DLHell
Local & remote Windows DLL Proxying
☆164 · Updated 10 months ago
Alternatives and similar repositories for DLHell:
Users that are interested in DLHell are comparing it to the libraries listed below
- ☆154 · Updated 4 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆173 · Updated 2 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆148 · Updated last year
- Stage 0 ☆155 · Updated 4 months ago
- Your syscall factory ☆121 · Updated last month
- ☆105 · Updated last month
- Find DLLs with RWX section ☆79 · Updated last year
- Port of Cobalt Strike's Process Inject Kit ☆172 · Updated 4 months ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options ☆136 · Updated 3 weeks ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project. ☆177 · Updated last year
- Create Anti-Copy DRM Malware ☆55 · Updated 8 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆145 · Updated 11 months ago
- ☆180 · Updated last year
- A Mythic Agent written in PIC C. ☆186 · Updated 2 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆186 · Updated 4 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC. ☆92 · Updated this week
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆141 · Updated 8 months ago
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning ☆113 · Updated 3 weeks ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆197 · Updated 6 months ago
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024" ☆137 · Updated 8 months ago
- A BOF to enumerate system processes, their protection levels, and more. ☆116 · Updated 4 months ago
- Adversary Emulation Framework ☆98 · Updated 8 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆120 · Updated 6 months ago
- ☆110 · Updated 4 months ago
- ☆121 · Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines. ☆110 · Updated last year
- ☆127 · Updated 7 months ago
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section ☆101 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆258 · Updated 7 months ago
- ApexLdr is a DLL Payload Loader written in C ☆108 · Updated 9 months ago