Untitled

panagioto/SyscallHide

ORCA666 / DynamicDllLoader

Run your Dll's Entry Point From Memory... it may sound like loading it from the disk, but we are not, we are reading our dll's bytes and running it

https://github.com/Allevon412/TeamsImplant

This project is a stealthy teams implant that proxies the urlmon.dll that teams uses compile and throw this bad boy in the teams directory as urlmon.dll and you got yourself a persistence backdoor whenever teams runs by a user or at startup.

https://github.com/r4wd3r/Suborner

• Create invisible local accounts without net user or Windows OS user management applications (e.g. netapi32::netuseradd)
• Works on all Windows NT Machines (Windows XP to 11, Windows Server 2003 to 2022)
• Impersonate through RID Hijacking any existing account (enabled or disabled) after a successful authentication

PersistAssist: Your Persistence Assistant!