x42en / sysplant
Your syscall factory
☆122Updated last month
Related projects ⓘ
Alternatives and complementary repositories for sysplant
- ☆116Updated 2 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 10 months ago
- ☆173Updated 11 months ago
- ☆108Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆138Updated 2 years ago
- ☆118Updated last year
- ☆133Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆110Updated last year
- Simple BOF to read the protection level of a process☆104Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆135Updated last week
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆114Updated 5 months ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆128Updated last year
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆159Updated last year
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆108Updated last year
- Just another C2 Redirector using CloudFlare.☆78Updated 5 months ago
- Find DLLs with RWX section☆75Updated last year
- ☆125Updated 3 months ago
- Do some DLL SideLoading magic☆74Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆113Updated 4 months ago
- Tool for playing with Windows Access Token manipulation.☆51Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆205Updated last month
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated last year
- Lateral Movement Using DCOM and DLL Hijacking☆279Updated last year
- Lateral Movement via the .NET Profiler☆73Updated 5 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆47Updated 8 months ago
- Implant drop-in for EDR testing☆127Updated 11 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆86Updated 2 years ago
- Find .net assemblies locally☆88Updated 2 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆132Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆215Updated last year