usdAG / SharpLink
Create file system symbolic links from low privileged user accounts within PowerShell
☆91Updated 2 years ago
Alternatives and similar repositories for SharpLink:
Users that are interested in SharpLink are comparing it to the libraries listed below
- Managed code hooking template.☆129Updated 3 years ago
- ☆37Updated 2 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆120Updated 2 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆118Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆139Updated 8 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆184Updated 4 years ago
- D/Invoke port of UrbanBishop☆105Updated 4 years ago
- ☆105Updated 5 months ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆69Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆78Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆139Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆88Updated 2 years ago
- ☆55Updated 3 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆102Updated 3 years ago
- A fake AMSI Provider which can be used for persistence.☆141Updated 3 years ago
- Offensive tool for fileless lateral movement on Windows networks☆25Updated 8 months ago
- ☆54Updated 3 years ago
- Tool for playing with Windows Access Token manipulation.☆53Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆149Updated last year
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆78Updated 3 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆66Updated 7 months ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆83Updated 2 years ago
- A tool for converting SysWhispers2 syscalls for use with Nim projects☆118Updated 3 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆111Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆132Updated 4 months ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆91Updated 3 years ago
- ☆141Updated 2 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆139Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆179Updated 2 years ago