Source code for the "Exploiting Windows API for Red Teaming" series
☆150, Sep 25, 2022, updated 3 years ago
Alternatives and similar repositories for WinAPI-RedBlue
Users that are interested in WinAPI-RedBlue are comparing it to the libraries listed below
- Cobalt Strike BOF to list Windows pipes and return their owners and DACL permissions (☆95, Mar 8, 2023, updated 3 years ago)
- Official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo) (☆232, Jun 10, 2022, updated 3 years ago)
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. (☆117, Feb 9, 2022, updated 4 years ago)
- A meterpreter extension for applying hooks to avoid Windows Defender memory scans (☆249, Aug 13, 2020, updated 5 years ago)
- Quickly search for references to a GUID in DLLs, EXEs, and drivers (☆74, Dec 10, 2021, updated 4 years ago)
- Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll (☆497, Feb 3, 2022, updated 4 years ago)
- Log converter from CS log to Ghostwriter CSV (☆31, Nov 23, 2020, updated 5 years ago)
- It stinks (☆103, Apr 22, 2022, updated 3 years ago)
- Windows Local Privilege Escalation via CdpSvc service (writable SYSTEM path DLL hijacking) (☆254, Sep 15, 2022, updated 3 years ago)
- All credits go to @mgeeky (☆65, Oct 14, 2021, updated 4 years ago)
- C# version of MDSec's ParallelSyscalls (☆142, Jan 9, 2022, updated 4 years ago)
- (☆30, Nov 7, 2022, updated 3 years ago)
- Various ways to execute shellcode (☆508, Mar 13, 2024, updated last year)
- PoC implementation of a fully dynamic call stack spoofer (☆921, Jul 20, 2024, updated last year)
- Execute Mimikatz with different techniques (☆51, Nov 8, 2021, updated 4 years ago)
- PoC of a better implementation of GetProcAddress for ntdll using binary search (☆111, Apr 8, 2024, updated last year)
- A tool to kill antimalware-protected processes (☆1,507, Jun 19, 2021, updated 4 years ago)
- Tool for working with direct system calls in Cobalt Strike's Beacon Object Files (BOF) via SysWhispers2 (☆186, Jul 21, 2022, updated 3 years ago)
- Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers t… (☆456, Oct 25, 2021, updated 4 years ago)
- Nim version of MDSec's Parallel Syscall PoC (☆124, Jan 14, 2022, updated 4 years ago)
- Proof of concept: covert channel using Windows Filtering Platform (C#) (☆21, Aug 29, 2021, updated 4 years ago)
- (☆121, Jun 17, 2022, updated 3 years ago)
- (☆15, Aug 17, 2023, updated 2 years ago)
- Single-stub direct and indirect syscalling with runtime SSN resolving for Windows. (☆140, Sep 12, 2022, updated 3 years ago)
- C# implementation of Jared Atkinson's Get-InjectedThread.ps1 (☆54, Jul 11, 2021, updated 4 years ago)
- A method of bypassing EDRs' active protection DLLs by preventing entry point execution (☆1,163, Mar 31, 2021, updated 4 years ago)
- Beacon Object File loader (☆293, Dec 3, 2023, updated 2 years ago)
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC (☆374, May 24, 2022, updated 3 years ago)
- The program uses Windows API functions to traverse directories and locate DLL files with an RWX section (☆111, Jul 15, 2023, updated 2 years ago)
- Inject .NET assemblies into an existing process (☆507, Jan 19, 2022, updated 4 years ago)
- (☆185, Jan 5, 2021, updated 5 years ago)
- Project Ares is a proof-of-concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique (☆337, Jan 16, 2022, updated 4 years ago)
- C#-based universal API unhooker (☆411, Feb 18, 2022, updated 4 years ago)
- I used this to see if an EDR is running in Safe Mode (☆36, Feb 13, 2021, updated 5 years ago)
- (☆1,073, May 18, 2024, updated last year)
- (☆24, Sep 26, 2021, updated 4 years ago)
- (☆13, Jul 30, 2021, updated 4 years ago)
- Cmdlets for capturing Windows events (☆14, Mar 11, 2022, updated 3 years ago)
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! (☆1,400, Nov 22, 2023, updated 2 years ago)