Alternatives to whoami
Some experiments to retrieve the current username without calling whoami.exe or similar binaries, all of them using C# (and P/Invoke).
StealthyEnv - Get environment variables from PEB structure
Alternative to whoami.exe or other well-known binaries to get the environment variables. It is written in C# and I guess it is stealthier because it gets the values parsing the PEB structure.
Guard Pages Hooking
C# PoC of Guard Pages hooking. It is a type of API hooking which can be achieved from userland and does not require patching functions.
SharpEA - Playing with Extended Attributes (EAs) using C#
C# program to read, write and delete Extended Attributes (EAs) to “hide” malicious payloads within NTFS filesystems.
SharpADS - Playing with Alternate Data Streams (ADS) using C#
C# program to write, read, delete or list Alternate Data Streams (ADS) within NTFS.
Github Star Counter
Python script to count exact total number of stars for any Github user
C# implementation of GetModuleHandle
GetModuleHandle implementation in C# using only the NtQueryInformationProcess API call.