0xTriboulet / T-1Links
T-1 is a shellcode loader that leverages ML techniques to detect VM environments
☆35Updated 10 months ago
Alternatives and similar repositories for T-1
Users that are interested in T-1 are comparing it to the libraries listed below
Sorting:
- Shellcode Loader Utilizing ETW Events☆65Updated 7 months ago
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆59Updated 9 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 10 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆67Updated last year
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆73Updated last year
- Section-based payload obfuscation technique for x64☆64Updated last year
- Demoting PPL anti-malware services to less than a guest user☆63Updated 7 months ago
- Proxy function calls through the thread pool with ease☆29Updated 7 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆52Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆47Updated 2 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆92Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆68Updated last month
- ☆38Updated 5 months ago
- shell code example☆62Updated 4 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Updated last year
- Linker for Beacon Object Files☆128Updated last week
- BOF to decrypt Signal Desktop chat logs☆71Updated 7 months ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆58Updated 6 months ago
- A 64 bit executable junk code engine for polymorphic malware.☆69Updated 3 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Updated 3 years ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface☆74Updated 2 months ago
- Cortex EDR Ransomware protection Bypass☆25Updated 7 months ago
- ☆93Updated last year
- ☆42Updated 9 months ago
- A collection of position independent coding resources☆94Updated 2 weeks ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆117Updated 3 weeks ago
- API Hammering with C++20☆49Updated 3 years ago
- ☆78Updated 8 months ago