7h3w4lk3r / RexLdr

Related projects ⓘ

Alternatives and complementary repositories for RexLdr

• b4rth0v5k1 / EarlyBirdNTDLL
  ☆34Updated last year
• NtDallas / Fenrir
  stack spoofing
  ☆55Updated this week
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆55Updated last year
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆55Updated 3 months ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆68Updated last year
• CICADA8-Research / TypeLibWalker
  TypeLib persistence technique
  ☆75Updated last month
• wolfcod / lsassdump
  lsassdump via RtlCreateProcessReflection and NanoDump
  ☆73Updated last month
• Maldev-Academy / DRMBinViaOrdinalImports
  Create Anti-Copy DRM Malware
  ☆46Updated 3 months ago
• Ap3x / COFF-Loader
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆39Updated 11 months ago
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆78Updated last year
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆22Updated 2 months ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆51Updated last year
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆95Updated last year
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆67Updated 9 months ago
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆58Updated 3 months ago
• c3r3br4t3 / ShadowRDP
  ☆62Updated 9 months ago
• parzel / GoSleepyCrypt
  In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
  ☆39Updated 10 months ago
• MrAle98 / Sliver-CPPImplant2
  Sliver agent rewritten in C++
  ☆39Updated 2 months ago
• S12cybersecurity / NinjaInjector
  Classic Process Injection with Memory Evasion Techniques implemantation
  ☆63Updated last year
• nand0san / av_detect
  This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of r…
  ☆42Updated 5 months ago
• tehstoni / tryharder
  C++ Staged Shellcode Loader with Evasion capabilities.
  ☆73Updated last month
• SaadAhla / D1rkSleep
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆113Updated last year
• shantanu561993 / DLL-Sideload
  ☆38Updated last year
• nullsection / Sneaky-DLL-Stager
  Reasonably undetected shellcode stager and executer.
  ☆35Updated 2 months ago
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆23Updated last year
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆38Updated 11 months ago
• maliciousgroup / RDI-SRDI
  This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
  ☆75Updated last year
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆67Updated 7 months ago
• zimnyaa / PhaseDive
  Sleep Obfuscation
  ☆41Updated 2 years ago
• d4rkiZ / EmbedExeLnk-
  EmbedExeLnk by x86matthew modified by d4rkiZ
  ☆29Updated last year