Get process handles from process name in C#
Get process(es) from the process name using NtGetNextProcess and GetProcessImageFileName API calls, a stealthier alternative and written in C#.
CESP-ADCS Course Cheatsheet
Cheatsheet I created while completing the CESP-ADCS course by Altered Security, focused in Active Directory Certificate Services (ADCS) attacks
Calling C# code from Powershell
One of the reasons why I like programming some PoCs using C# is the possibility to later run the code in Powershell. In this post we will see some basic examples and how to prepare your C# code to run it using Powershell.
Alternatives to whoami
Some experiments to retrieve the current username without calling whoami.exe or similar binaries, all of them using C# (and P/Invoke).
StealthyEnv - Get environment variables from PEB structure
Alternative to whoami.exe or other well-known binaries to get the environment variables. It is written in C# and I guess it is stealthier because it gets the values parsing the PEB structure.
Guard Pages Hooking
C# PoC of Guard Pages hooking. It is a type of API hooking which can be achieved from userland and does not require patching functions.
SharpEA - Playing with Extended Attributes (EAs) using C#
C# program to read, write and delete Extended Attributes (EAs) to “hide” malicious payloads within NTFS filesystems.