0xjbb / vehspoofView external linksLinks
Callstack spoofing using a VEH because VEH all the things.
☆23Mar 18, 2025Updated 10 months ago
Alternatives and similar repositories for vehspoof
Users that are interested in vehspoof are comparing it to the libraries listed below
Sorting:
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.☆53Jun 2, 2025Updated 8 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 2 months ago
- ☆48Dec 21, 2025Updated last month
- Next gen process injection technique☆54Jul 9, 2020Updated 5 years ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆94Jul 3, 2025Updated 7 months ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆59Mar 17, 2025Updated 10 months ago
- From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change…☆53Sep 22, 2025Updated 4 months ago
- ☆61Dec 19, 2024Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆78Aug 25, 2025Updated 5 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 5 months ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆48Nov 2, 2025Updated 3 months ago
- In-memory hiding technique☆63Jan 5, 2025Updated last year
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆63Jan 19, 2026Updated 3 weeks ago
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆119Dec 23, 2025Updated last month
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool.☆137Apr 12, 2024Updated last year
- A repository holding Proof of Concepts for executing the calculator application via different file formats☆42Jun 27, 2024Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆122Jan 17, 2026Updated 3 weeks ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆38Aug 5, 2025Updated 6 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆262Aug 31, 2025Updated 5 months ago
- ☆11Jan 8, 2022Updated 4 years ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 4 months ago
- Leveraging Platform Trust Technology (PTT) to defeat Driver Signing Enforcement (DSE) to run Kernel Drivers (KMDF) with Secure Boot Enabl…☆13Aug 22, 2022Updated 3 years ago
- User-Defined C2 BOF Template☆27Nov 24, 2025Updated 2 months ago
- Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking☆136Jul 2, 2025Updated 7 months ago
- ☆38Apr 15, 2025Updated 9 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆425Feb 11, 2024Updated 2 years ago
- A custom SentinelOne USB scanner.☆18Mar 26, 2022Updated 3 years ago
- GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.☆11Nov 24, 2023Updated 2 years ago
- Cobalt Strike BOF☆42Dec 10, 2025Updated 2 months ago
- macOS dylib stager☆36Jan 22, 2025Updated last year
- SharpReg is a simple code set to interact with the Remote Registry service api and is compatible with Cobalt Strike.☆28Apr 12, 2020Updated 5 years ago
- TypeLib persistence technique☆139Oct 22, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆116Jan 20, 2025Updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆209Nov 12, 2025Updated 3 months ago
- sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux☆63Dec 15, 2025Updated last month
- Tracks a range of Microsoft owned ASNs and publishes a daily release containing a list of IPv4 and IPv6 address in CIDR notation.☆31Updated this week
- A simple reverse ssh/proxy implant PoC for *nix systems.☆57Jul 5, 2024Updated last year