Source code of exploiting windows API for red teaming series
☆152Sep 25, 2022Updated 3 years ago
Alternatives and similar repositories for WinAPI-RedBlue
Users that are interested in WinAPI-RedBlue are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)☆234Jun 10, 2022Updated 3 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆501Feb 3, 2022Updated 4 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆249Aug 13, 2020Updated 5 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- C# Implementation of Jared Atkinson's Get-InjectedThread.ps1☆54Jul 11, 2021Updated 4 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Feb 9, 2022Updated 4 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆938Jul 20, 2024Updated last year
- It stinks☆103Apr 22, 2022Updated 3 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆19Jan 3, 2022Updated 4 years ago
- A tool to kill antimalware protected processes☆1,506Jun 19, 2021Updated 4 years ago
- Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…☆458Oct 25, 2021Updated 4 years ago
- ☆15Aug 17, 2023Updated 2 years ago
- Execute Mimikatz with different technique☆51Nov 8, 2021Updated 4 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆74Dec 10, 2021Updated 4 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆563Apr 8, 2025Updated last year
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 4 years ago
- Various ways to execute shellcode☆509Mar 13, 2024Updated 2 years ago
- Miscellaneous examples for use with Cobalt Strike Beacon☆10Nov 19, 2020Updated 5 years ago
- ☆30Nov 7, 2022Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,407Nov 22, 2023Updated 2 years ago
- ☆1,076May 18, 2024Updated last year
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Log converter from CS log to Ghostwriter CSV☆31Nov 23, 2020Updated 5 years ago
- ☆779Oct 17, 2023Updated 2 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,163Mar 31, 2021Updated 5 years ago
- ☆119Aug 7, 2022Updated 3 years ago
- C# version of MDSec's ParallelSyscalls☆143Jan 9, 2022Updated 4 years ago
- A BOF to determine Windows Defender exclusions.☆256Jun 25, 2023Updated 2 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)☆254Sep 15, 2022Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 4 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section☆112Jul 15, 2023Updated 2 years ago
- miscellaneous scripts and programs☆279Jan 23, 2025Updated last year
- ☆185Jan 5, 2021Updated 5 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,376Oct 27, 2023Updated 2 years ago
- Spawn Up quickly Elastic EDR Panel☆16Jan 29, 2022Updated 4 years ago
- Win32 and Kernel abusing techniques for pentesters☆978Sep 3, 2023Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆186Jul 21, 2022Updated 3 years ago