thiagomayllart / Covenant_AlternateLinks
Covenant is a collaborative .NET C2 framework for red teamers.
☆22Updated 4 years ago
Alternatives and similar repositories for Covenant_Alternate
Users that are interested in Covenant_Alternate are comparing it to the libraries listed below
Sorting:
- ☆55Updated 3 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆54Updated 3 years ago
- LSASS enumeration like pypykatz written in C-Lang☆20Updated 3 years ago
- AMSI Bypass Via the Heap☆107Updated 4 years ago
- C# POC code for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll☆60Updated 6 years ago
- IOXIDResolver from AirBus Security/PingCastle☆51Updated 4 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆31Updated last year
- ☆23Updated 3 years ago
- Run PowerShell command without invoking powershell.exe☆35Updated 3 years ago
- Execute Mimikatz with different technique☆51Updated 3 years ago
- Simple skeleton for a CPP DLL☆38Updated 5 years ago
- all credits go to @mgeeky☆64Updated 3 years ago
- WhoAmI by asking the LDAP service on a domain controller.☆63Updated 3 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Updated 4 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆61Updated 3 years ago
- Smart Card PIN swiping DLL☆78Updated 4 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 4 years ago
- MiniDumpWriteDump behavior modification hook☆50Updated 4 years ago
- ☆37Updated 4 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago
- pypykatz plugin for volatility3 framework☆42Updated 3 months ago
- ☆53Updated 3 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆103Updated 4 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆54Updated 5 years ago
- C# port of LogServiceCrash☆46Updated 4 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆107Updated 3 years ago
- A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.☆85Updated 3 years ago
- Zoom Persistence Aggressor and Handler☆55Updated 4 years ago
- AMSI detection PoC☆32Updated 5 years ago