tasox / CSharp_Process_Injection

Related projects: ⓘ

• plackyhacker / CmdLineSpoofer
  How to spoof the command line when spawning a new process from C#.
  ☆100Updated 2 years ago
• SECFORCE / SharpWhispers
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆101Updated last year
• jfmaes / SharpLNKGen-UI
  UI for creating LNKs
  ☆97Updated 3 years ago
• Wra7h / ARCInject
  Overwrite a process's recovery callback and execute with WER
  ☆100Updated 2 years ago
• G0ldenGunSec / SharpTransactedLoad
  Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
  ☆157Updated 3 years ago
• badBounty / directInjectorPOC
  Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.
  ☆83Updated 4 years ago
• bohops / DynamicDotNet
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆134Updated 4 months ago
• GetRektBoy724 / TripleS
  Extracting Syscall Stub, Modernized
  ☆60Updated 2 years ago
• reevesrs24 / EvasiveProcessHollowing
  Evasive Process Hollowing Techniques
  ☆132Updated 4 years ago
• boku7 / Nobelium-PdfDLRunAesShellcode
  A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
  ☆100Updated last year
• TheWover / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆150Updated 4 years ago
• code-scrap / DynamicWrapperDotNet
  ☆43Updated this week
• S4ntiagoP / donut
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆109Updated 10 months ago
• plackyhacker / SandboxDefender
  C# code to Sandbox Defender (and most probably other AV/EDRs).
  ☆164Updated 2 years ago
• MartinIngesen / TokenStomp
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆139Updated 2 years ago
• reveng007 / CheckHooks-n-load
  ☆107Updated this week
• D1rkMtr / PatchThatAMSI
  ☆60Updated this week
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆93Updated last year
• plackyhacker / Sys-Calls
  An example of using Syscalls in C# to get a meterpreter shell.
  ☆107Updated 2 years ago
• y11en / FOLIAGE
  Experiment on reproducing Obfuscate & Sleep
  ☆136Updated 3 years ago
• michaelweber / CSharpSourceObfuscator
  A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
  ☆69Updated 4 years ago
• DamonMohammadbagher / NativePayload_CBT
  NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
  ☆114Updated last year
• plackyhacker / Peruns-Fart
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆105Updated 2 years ago
• netbiosX / AMSI-Provider
  A fake AMSI Provider which can be used for persistence.
  ☆134Updated 3 years ago
• Sh0ckFR / InlineWhispers2
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆177Updated 2 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆82Updated last year
• naksyn / ModuleShifting
  Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…
  ☆106Updated 11 months ago
• Octoberfest7 / BeatRev
  POC for frustrating/defeating Malware Analysts
  ☆149Updated 2 years ago
• SecIdiot / TitanLdr
  ☆87Updated this week
• waawaa / AMSI_Rubeus_bypass
  ☆61Updated 2 years ago