API Browser
Explore 50+ weaponized APIs with abuse scenarios and detection strategies
Showing 29 of 29 APIs
System.Diagnostics.Process.Start
Critical: Execute arbitrary commands via .NET process execution
WMI Win32_Process.Create
Critical: Create processes via WMI for command execution
Reflection.Assembly.Load
High: Load arbitrary .NET assemblies for code execution
HttpClient.GetAsync
High: Download files and execute remote payloads
VirtualAllocEx
High: Allocate memory in remote process for code injection
Chrome Extension - storage.sync API
Critical: Steal OAuth tokens from browser storage
System.Net.ServicePointManager.ServerCertificateValidationCallback
High: SSL certificate bypass
AWS EC2 Metadata Service
Critical: Access 169.254.169.254 to steal temporary credentials
RegSetValueEx
High: Write values to Windows Registry for persistence
user32.dll - SetWindowsHookEx
High: Install system-wide hooks for keylogging/monitoring
OpenProcess+ReadProcessMemory
High: Read sensitive data from remote process memory
MethodInfo.Invoke
High: Invoke methods dynamically via .NET reflection
SmtpClient
Medium: Send emails for C2 communication or data exfiltration
NamedPipeClientStream
High: Create named pipes for inter-process communication
EventLog.WriteEntry
Medium: Write entries to Windows Event Log for evasion
WebClient.DownloadString
High: Download remote scripts and payloads
access.Application COM Object
High: Create Access database for code execution
Scripting.FileSystemObject
Medium: File system operations via COM scripting
WScript.Shell
Critical: Execute shell commands via Windows Script Host
Outlook.Application
Medium: Access Outlook for data theft or spam campaigns
PowerShell Reflection
Critical: Execute code via PowerShell reflection API
Access.Application
High: Code execution through Access macro execution
WriteProcessMemory
Critical: Write shellcode into remote process memory