foxlox/hypobrychium

hypobrychium

AV/EDR completely ignore me.

Duplicate (unowned) token from a running process without detections

Duplicate the token of a running process and run a command.

Use it when there is a process running on behalf of a domain administrator, or to spawn a CMD from any process.

When used with unowned process PIDs, there will be no screen input/output in the CMD, but the shell works fine.

The source will be published soon; I'm making it watchable ;-) It was written in Delphi (Lazarus).

Special thanks to Ewan who developed some highly professional units.

Have fun.

Required: Local administrator role
