xenoscr / SysWhispers2
AV/EDR evasion via direct system calls.
☆107Updated last year
Alternatives and similar repositories for SysWhispers2:
Users that are interested in SysWhispers2 are comparing it to the libraries listed below
- POC tools for exploring SMB over QUIC protocol☆121Updated 2 years ago
- Bypass Detection By Randomising ROR13 API Hashes☆135Updated 3 years ago
- Coerce Windows machines auth via MS-EVEN☆157Updated last year
- DLL Hijack Search Order Enumeration BOF☆146Updated 3 years ago
- ☆88Updated 2 years ago
- Pass the Hash to a named pipe for token Impersonation☆140Updated 3 years ago
- ☆139Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…☆167Updated 2 years ago
- A simple BOF that frees UDRLs☆116Updated 2 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆176Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆152Updated last year
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs☆122Updated 2 years ago
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs☆176Updated 3 years ago
- ☆140Updated last year
- Beacon Object File implementation of Event Viewer deserialization UAC bypass☆132Updated 2 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆137Updated 2 years ago
- ☆152Updated last year
- ☆61Updated 2 years ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆85Updated 2 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆139Updated 3 years ago
- Convert shellcode generated using pe_2_shellcode to cdb format.☆96Updated 3 years ago
- Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…☆131Updated 3 years ago
- A spin-off research project. Cobalt Strike x Notion collab 2022☆53Updated 2 years ago
- Perform DCSync operation without mimikatz☆142Updated 4 months ago
- ☆95Updated last year
- Zipper, a CobaltStrike file and folder compression utility.☆215Updated 5 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆78Updated 2 years ago
- Beacon Object File PoC implementation of KillDefender☆218Updated 2 years ago
- ☆79Updated last year
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Updated 5 months ago