7h3w4lk3r / RexLdr
Rex Shellcode Loader for AV/EDR evasion
☆28Updated 9 months ago
Alternatives and similar repositories for RexLdr:
Users that are interested in RexLdr are comparing it to the libraries listed below
- C++ Staged Shellcode Loader with Evasion capabilities.☆73Updated 3 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆24Updated 4 months ago
- CVE-2024-41570: Havoc C2 0.7 Teamserver SSRF exploit☆36Updated 4 months ago
- Create Anti-Copy DRM Malware☆50Updated 5 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆82Updated last year
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆25Updated 2 years ago
- ☆45Updated 2 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆70Updated 11 months ago
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆38Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆45Updated 10 months ago
- Construct the payload at runtime using an array of offsets☆61Updated 7 months ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆30Updated last year
- ☆35Updated last year
- ☆62Updated 11 months ago
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump☆77Updated 3 months ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆96Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆66Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆21Updated last year
- Implementation of Indirect Syscall technique to pop a calc.exe☆95Updated 11 months ago
- This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of r…☆44Updated 7 months ago
- based on https://gitlab.com/ORCA000/snaploader☆42Updated last month
- Tool to bypass LSA Protection (aka Protected Process Light)☆45Updated 2 weeks ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆51Updated 2 weeks ago
- Winsocket for Cobalt Strike.☆99Updated last year
- Execute dotnet app from unmanaged process☆67Updated 2 weeks ago
- Section-based payload obfuscation technique for x64☆59Updated 5 months ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …☆80Updated 2 years ago