0xTriboulet / T-1Links
T-1 is a shellcode loader that leverages ML techniques to detect VM environments
☆34Updated 10 months ago
Alternatives and similar repositories for T-1
Users that are interested in T-1 are comparing it to the libraries listed below
Sorting:
- Demoting PPL anti-malware services to less than a guest user☆64Updated 7 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆73Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 9 months ago
- Shellcode Loader Utilizing ETW Events☆65Updated 6 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆65Updated last year
- Section-based payload obfuscation technique for x64☆64Updated last year
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆43Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆59Updated 8 months ago
- Proxy function calls through the thread pool with ease☆29Updated 6 months ago
- shell code example☆62Updated 3 months ago
- A collection of position independent coding resources☆92Updated 6 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆77Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆91Updated last year
- ☆108Updated 10 months ago
- ☆88Updated last year
- Splitting and executing shellcode across multiple pages☆101Updated 2 years ago
- a demo module for the kaine agent to execute and inject assembly modules☆40Updated last year
- Cortex EDR Ransomware protection Bypass☆25Updated 6 months ago
- A process injection technique using only thread context manipulation☆37Updated last year
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆26Updated 4 months ago
- Rewrite to fit my needs☆30Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆97Updated 6 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆98Updated this week
- Post-Ex BOF tooling for Hannibal☆24Updated 9 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆68Updated last month
- Linker for Beacon Object Files☆127Updated last month
- ☆40Updated 8 months ago
- API Hammering with C++20☆49Updated 3 years ago