xpn / NautilusProject
A collection of weird ways to execute unmanaged code in .NET
☆158Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for NautilusProject
- C# Implementation of the Hell's Gate VX Technique☆208Updated 4 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆145Updated 9 months ago
- Simple PoC demonstrating syscall execution in C#☆152Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆185Updated 4 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆163Updated 2 years ago
- Another meterpreter injection technique using C# that attempts to bypass Defender☆254Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆139Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep☆138Updated 3 years ago
- miscellaneous scripts and programs☆214Updated last year
- C# version of MDSec's ParallelSyscalls☆138Updated 2 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆193Updated 2 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆213Updated 4 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆154Updated 4 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs☆287Updated 2 years ago
- Managed code hooking template.☆128Updated 2 years ago
- Hookers are cooler than patches.☆166Updated 2 years ago
- An example of using Syscalls in C# to get a meterpreter shell.☆107Updated 3 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆153Updated 3 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆101Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆184Updated 3 years ago
- Example code for EDR bypassing☆146Updated 5 years ago
- Exploring in-memory execution of .NET☆133Updated 2 years ago
- .NET assembly local/remote loading/injection into memory.☆125Updated 5 years ago
- You shall pass☆248Updated 2 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆83Updated 4 years ago
- A .NET malware loader, using API-Hashing to evade static analysis☆203Updated last year
- Dump stuff without touching disk☆159Updated 4 years ago
- Evasive Process Hollowing Techniques☆134Updated 4 years ago