ServiceMove-BOF
DLL Hijacker
A tool that exploits a Windows vulnerability to execute arbitrary code on remote systems using a technique called DLL hijacking.
A new lateral movement technique that abuses the Windows Perception Simulation Service to achieve code execution through DLL hijacking.
284 stars
6 watching
46 forks
Language: C
last commit: almost 3 years ago
Related projects:
Repository | Description | Stars |
---|---|---|
octoberfest7/dropspawn_bof | A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems | 219 |
netero1010/rdphijack-bof | A tool for hijacking remote RDP sessions using the WinStationConnect API | 297 |
espressocake/dll-hijack-search-order-bof | A tool to enumerate the search order of DLL resolution and potentially gain information about a file's mutability. | 141 |
tomcarver16/bof-dll-inject | A tool for injecting malware into processes by mapping it to memory without registering it with the kernel. | 147 |
mojtabatajik/robber | Tools to detect DLL hijacking vulnerabilities in executable files | 767 |
filosottile/otherport | A tool to redirect network connections to alternative ports. | 42 |
octoberfest7/killdefender_bof | A tool that allows an attacker to elevate privileges and gain control over the Windows Defender service | 62 |
rsmudge/zerologon-bof | A Beacon Object File (BOF) implementation of the ZeroLogon vulnerability exploitation technique | 157 |
ideaslocas/adll | A tool for detecting DLL hijacking vulnerabilities in binaries. | 70 |
espressocake/firewall_walker_bof | An exploit technique allowing interaction with Windows software firewall via COM interfaces. | 100 |
xforceir/sideloadhunter | A tool to help identify DLL sideloading on Windows systems. | 23 |
trustedsec/cs-remote-ops-bof | Provides tools and primitives for interacting with Microsoft Windows systems remotely. | 886 |
nul0x4c/atomldr | A DLL loader with advanced evasion techniques to bypass user-land hooks and load malicious payloads. | 676 |
octoberfest7/cve-2023-36874_bof | An exploit tool for a Windows vulnerability allowing an attacker to run arbitrary code as SYSTEM on Windows 10 and Windows 11 | 202 |