wietze / windows-dll-env-hijacking

Related projects: ⓘ

• CodeXTF2 / cobaltstrike-headless
  Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
  ☆145Updated 2 years ago
• CodeXTF2 / HavocNotion
  A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …
  ☆78Updated last year
• 0xthirteen / AssemblyHunter
  Find .net assemblies locally
  ☆85Updated last year
• Wh04m1001 / DiagTrackEoP
  ☆87Updated 2 years ago
• CodeXTF2 / PyHmmm
  Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
  ☆74Updated 10 months ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• Dramelac / GoldenCopy
  Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
  ☆75Updated 4 months ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆50Updated last year
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆82Updated last year
• leftp / DPAPISnoop
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆129Updated last week
• hrtywhy / BOF-CobaltStrike
  Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.
  ☆72Updated 2 years ago
• deepinstinct / AMSI-Unchained
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆87Updated last year
• klezVirus / NimlineWhispers3
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆137Updated 2 years ago
• tmenochet / PowerExec
  Offensive tool for fileless lateral movement on Windows networks
  ☆24Updated 4 months ago
• bohops / DynamicDotNet
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆134Updated 4 months ago
• Cracked5pider / LsaParser
  ☆99Updated this week
• Cobalt-Strike / unhook-bof
  Remove API hooks from a Beacon process.
  ☆54Updated 2 years ago
• xpn / WAMBam
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆109Updated last year
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆77Updated last year
• notdodo / adduser-dll
  Simple DLL that add a user to the local Administrators group
  ☆74Updated 2 years ago
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆87Updated 2 years ago
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆94Updated 3 years ago
• Crypt0s / DelegationBOF
  ☆135Updated 2 years ago
• rasta-mouse / ExternalC2.NET
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆83Updated 2 years ago
• GetRektBoy724 / SharpHalos
  My implementation of Halo's Gate technique in C#
  ☆51Updated 2 years ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆66Updated last year
• 3gstudent / ntfsDump
  Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
  ☆111Updated 3 years ago
• Octoberfest7 / BeatRev
  POC for frustrating/defeating Malware Analysts
  ☆149Updated 2 years ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆93Updated last year