thiagomayllart / DarkMelkor
Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.
☆27Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for DarkMelkor
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆14Updated 2 years ago
- ☆29Updated 2 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆28Updated 2 years ago
- ☆48Updated last year
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆53Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 3 years ago
- One gate to all syscalls!☆23Updated 2 years ago
- ☆38Updated last year
- Executes shellcode from a remote server and aims to evade in-memory scanners☆30Updated 5 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆17Updated last year
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆15Updated last year
- A way to extract tickets in case I need to purge and restore tickets on the fly.☆17Updated 7 months ago
- Cobalt Strike Get clipboard plugin☆12Updated last year
- Remove API hooks from a Beacon process.☆12Updated 3 years ago
- Dangling COM Keys Finder☆14Updated 3 years ago
- ☆26Updated 4 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆33Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆45Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆15Updated 6 months ago
- A more advanced free and open .NET obfuscator using dnlib.☆10Updated 2 years ago
- ☆14Updated 2 years ago
- Ntdll Unhooking POC☆19Updated 2 years ago
- Disable PPL via custom driver and dump lsass☆13Updated 3 years ago
- ☆35Updated 5 months ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆30Updated 8 months ago
- Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be…☆37Updated 4 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆21Updated last year