xpn / NautilusProject
A collection of weird ways to execute unmanaged code in .NET
☆158Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for NautilusProject
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆145Updated 9 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆185Updated 4 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆154Updated 4 years ago
- An example of using Syscalls in C# to get a meterpreter shell.☆107Updated 3 years ago
- Example code for EDR bypassing☆146Updated 5 years ago
- C# Implementation of the Hell's Gate VX Technique☆208Updated 4 years ago
- Experiment on reproducing Obfuscate & Sleep☆139Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆139Updated 2 years ago
- Another meterpreter injection technique using C# that attempts to bypass Defender☆254Updated 3 years ago
- .NET assembly local/remote loading/injection into memory.☆126Updated 5 years ago
- Simple PoC demonstrating syscall execution in C#☆151Updated 4 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆163Updated 2 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆184Updated 3 years ago
- You shall pass☆249Updated 2 years ago
- miscellaneous scripts and programs☆215Updated last year
- C# version of MDSec's ParallelSyscalls☆138Updated 2 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆213Updated 4 years ago
- Hookers are cooler than patches.☆166Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆204Updated last year
- Evasive Process Hollowing Techniques☆134Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆153Updated 3 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆203Updated 2 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆83Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER☆102Updated 2 years ago
- Exploring in-memory execution of .NET☆133Updated 2 years ago
- Managed assembly shellcode generation☆264Updated 3 years ago
- ☆160Updated 2 years ago
- Managed code hooking template.☆128Updated 3 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs☆287Updated 2 years ago