kt
Kernel file/process/object tool
killav
bypass av dump lsass
basic
vs2019 + cpp + wdk
usage(64-bit only)
kdu -map sys.sys
kt -F -d c:\windows\notepad.exe
kt -P -k avp.exe
kt -O -m klif.sys
kt -O -r
Kernel file/process/object tool
Overview
You might also like...
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
HOLLOW - Cobalt Strike BOF Authors: Bobby Cooke (@0xBoku) Justin Hamilton (@JTHam0) Octavio Paguaga (@OakTree__) Matt Kingstone (@n00bRage) Beacon Obj
201 Nov 12, 2022
Two PoC of accessing process virtual memory via NT Kernel
ProcessVmAccess Two PoC of accessing process virtual memory via NT Kernel Detail You've never interested in accessing process virtual memory through N
16 Aug 11, 2022
KernelReadWriteMemory - Simple code to manipulate the memory of a usermode process from kernel.
KernelReadWriteMemory Simple proof of concept -code to manipulate the memory of a usermode process from kernelmode of a windows NT operating system. T
149 Nov 22, 2022
PoC MSVC COFF Object file loader/injector.
COFFInjector A Proof of Concept code - loading and injecting MSVC object file. Blog post with explanation: https://0xpat.github.io/Malware_development
130 Dec 4, 2022
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
Detect-Hooks Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will r
120 Nov 19, 2022
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving
Beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.
84 Dec 2, 2022
This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike
BOF Template This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike. A Beacon Object File (B
42 Nov 9, 2022
Beacon Object File allowing creation of Beacons in different sessions.
JumpSession_BOF This is a Beacon Object File allowing creation of Beacons in different sessions. Must be Elevated. This BOF was created on the heels o
69 Nov 18, 2022
A tool to generate elegant UML-like class/object diagrams for C++ header files
Diagrams for C++ header files Note: This is a PoC project; Issues will drive the development What's this all about We strive for a tool to generate el
2 Mar 19, 2022
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Process Ghosting This is my implementation of the technique presented by Gabriel Landau: https://www.elastic.co/blog/process-ghosting-a-new-executable
511 Nov 21, 2022
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
InlineExecute-Assembly InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process
392 Dec 1, 2022
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen
92 Nov 30, 2022
A Beacon Object File that creates a minidump of the LSASS process.
NanoDump A Beacon Object File that creates a minidump of the LSASS process. Features It uses syscalls (with SysWhispers2) for most operations You can
1.1k Nov 29, 2022
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a
186 Nov 22, 2022
A tool to pull C++ object names from kernel memory
kobject A tool to pull C++ object names from kernel memory Implementation is a bit hacky, lots of room for improvement. Just someting I threw together
15 Aug 3, 2022
Tsdf-plusplus - TSDF++: A Multi-Object Formulation for Dynamic Object Tracking and Reconstruction
TSDF++: A Multi-Object Formulation for Dynamic Object Tracking and Reconstruction TSDF++ is a novel multi-object TSDF formulation that can encode mult
125 Nov 24, 2022
Blazingly fast multi-object tracker. Works on 1 (x, y) point per object.
Norfair++ This is a C++ implementation of Techainer's Norfair, which originates from Norfair, a library for real-time 2D object tracking. Its function
6 Jan 26, 2022
6D - Pose Annotation Tool (6D-PAT) - is a tool that allows the user to load a set of images and also a set of 3D models and annotate where in the 2D image the 3D object ist placed.
6D - Pose Annotation Tool (6D-PAT) For detiled explanations checkout the WikiPage. What is it? With 6D-PAT you can create 6D annotations on images for
71 Nov 20, 2022
Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system
The Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system.
1.7k Dec 2, 2022