tmenochet / PowerExec
Offensive tool for fileless lateral movement on Windows networks
☆24 · Updated 4 months ago
Related projects:
- Section Mapping Process Injection (secinject): Cobalt Strike BOF ☆87 · Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆87 · Updated last year
- Find .net assemblies locally ☆85 · Updated last year
- ☆99 · Updated this week
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆57 · Updated 8 months ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆85 · Updated 2 years ago
- Tool for playing with Windows Access Token manipulation. ☆50 · Updated last year
- My implementation of Halo's Gate technique in C# ☆51 · Updated 2 years ago
- ☆68 · Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects ☆137 · Updated 2 years ago
- ☆87 · Updated 2 years ago
- Remove API hooks from a Beacon process. ☆54 · Updated 2 years ago
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆74 · Updated 10 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆109 · Updated 11 months ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes ☆93 · Updated last year
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post ☆109 · Updated last year
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat… ☆24 · Updated last year
- D/Invoke implementation in Nim ☆96 · Updated 2 years ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆47 · Updated 2 years ago
- A BOF to interact with COM objects associated with the Windows software firewall. ☆100 · Updated 2 years ago
- C# version of NTLMRawUnHide ☆71 · Updated last year
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements. ☆72 · Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆77 · Updated last year
- ☆61 · Updated this week
- ☆43 · Updated this week
- Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic lo… ☆24 · Updated last year
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR ☆94 · Updated 3 years ago
- ☆100 · Updated this week
- Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines ☆55 · Updated 2 weeks ago
- ☆35 · Updated 2 years ago