usdAG / SharpLink
Create file system symbolic links from low privileged user accounts within PowerShell
☆92Updated 2 years ago
Alternatives and similar repositories for SharpLink:
Users that are interested in SharpLink are comparing it to the libraries listed below
- ☆37Updated 2 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆122Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆139Updated 9 months ago
- ☆142Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆111Updated last year
- A fake AMSI Provider which can be used for persistence.☆147Updated 3 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆88Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆78Updated 2 years ago
- ☆71Updated 2 years ago
- ☆56Updated 3 years ago
- Tool for playing with Windows Access Token manipulation.☆54Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆138Updated 2 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆83Updated 2 years ago
- D/Invoke implementation in Nim☆100Updated 2 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆103Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆132Updated 5 months ago
- ☆70Updated 6 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆185Updated 4 years ago
- D/Invoke port of UrbanBishop☆106Updated 4 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆102Updated 3 years ago
- Find .net assemblies locally☆105Updated 2 years ago
- Managed code hooking template.☆130Updated 3 years ago
- Experiment on reproducing Obfuscate & Sleep☆141Updated 3 years ago
- Find DLLs with RWX section☆76Updated last year
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆140Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- Just another ntdll unhooking using Parun's Fart technique☆73Updated 2 years ago
- Implant drop-in for EDR testing☆135Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆91Updated 3 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆120Updated 2 years ago