3xp0rt / VX-API
Collection of various WINAPI tricks / features used or abused by Malware
☆13 Updated 2 years ago
Alternatives and similar repositories for VX-API:
Users that are interested in VX-API are comparing it to the libraries listed below
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆81 Updated last year
- A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within. ☆32 Updated 2 years ago
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆20 Updated last year
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10 ☆38 Updated 2 years ago
- Offensive Assembly code snippets. ☆12 Updated last year
- Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. ☆78 Updated 2 years ago
- CSharp4Pentesters ☆12 Updated 2 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro… ☆23 Updated 2 years ago
- RegStrike is a .reg payload generator ☆58 Updated last year
- A .NET binary loader that bypasses AMSI ☆44 Updated 3 years ago
- IAT Unhooking proof-of-concept ☆29 Updated 10 months ago
- ☆27 Updated last year
- Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell) ☆30 Updated 3 years ago
- A Bumblebee-inspired Crypter ☆80 Updated 2 years ago
- Get-PDInvokeImports is a tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u… ☆53 Updated 2 years ago
- AES-256 Microsoft Cryptography API Example Use. ☆31 Updated last year
- A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client a… ☆75 Updated last year
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆36 Updated 2 years ago
- A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go. ☆36 Updated last year
- PoC MSI payload based on ASEC/AhnLab's blog post ☆23 Updated 2 years ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆58 Updated last year
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable ☆57 Updated last year
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE ☆65 Updated last year
- Windows AppLocker Driver (appid.sys) LPE ☆48 Updated 6 months ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies ☆32 Updated 2 years ago
- Tool that can be used to trim useless things from a PE file such as the things a file pumper would add. ☆25 Updated 7 months ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆87 Updated 2 years ago
- Listing UDP connections with remote address without sniffing. ☆30 Updated last year
- A small wiper malware programmed in C# ☆50 Updated 2 years ago
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The YouTube video for the seminar can be… ☆19 Updated last year