EventViewerUAC_BOF
UAC bypass tool
A tool that bypasses UAC restrictions on Windows by deserializing and executing malicious code in Event Viewer.
Beacon Object File implementation of Event Viewer deserialization UAC bypass
129 stars
7 watching
29 forks
Language: C
last commit: almost 3 years ago

Related projects:

| Repository | Description | Stars |
|---|---|---|
| | Tools and techniques to bypass Windows UAC restrictions on executable files by utilizing DCOM objects | 119 |
| | A technique to bypass Windows UAC security restrictions using a DLL planting method for executing malicious code in high integrity processes. | 190 |
| | A centralized resource for bypassing Windows Device Guard Application Whitelisting (WDAC) policies. | 489 |
| | Tool to bypass ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall | 276 |
| | A tool that allows an attacker to elevate privileges and gain control over the Windows Defender service | 62 |
| | An exploit tool for a Windows vulnerability allowing an attacker to run arbitrary code as SYSTEM on Windows 10 and Windows 11 | 202 |
| | Exploits ALPC and mmc to bypass Windows UAC for administrative privileges. | 155 |
| | A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems | 219 |
| | An extension that automatically adds headers to Burp requests to bypass certain Web Application Firewall products. | 330 |
| | A tool that bypasses AMSI in a remote process with code injection. | 377 |
| | A tool for generating obfuscated executable files to evade antivirus detection | 902 |
| | A Cobalt Strike BOF that exploits a vulnerability to add an admin user | 70 |
| | Loads and executes a malicious payload in a Windows system using PowerShell. | 245 |
| | A tool used to bypass Windows Defender by manipulating process integrity and privileges | 156 |
| | An extension that bypasses Web Application Firewalls by padding HTTP requests with dummy data | 4 |