AdvDebug / BehavEye

Related projects ⓘ

Alternatives and complementary repositories for BehavEye

• dr4k0nia / Greenline
  Unpacker and Config Extractor for managed Redline Stealer payloads
  ☆39Updated last year
• ZeroMemoryEx / URootkit
  user-mode Rootkit
  ☆98Updated 2 years ago
• 0xflux / Rust-Hells-Gate
  Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
  ☆19Updated 5 months ago
• WKL-Sec / FuncAddressPro
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆70Updated 8 months ago
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆113Updated 2 years ago
• dr4k0nia / tooling-playground
  A collection of small scripts and tools for deobfuscation and malware analysis.
  ☆65Updated last year
• Offensive-Panda / DV_NEW
  This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)
  ☆46Updated 6 months ago
• IntelBroker / Endurance-Wiper
  a small wiper malware programmed in c#
  ☆45Updated 2 years ago
• Idov31 / rustomware
  Simple ransomware written in Rust. Part of the building a rustomware blog post.
  ☆32Updated last year
• pygrum / siphon
  A feed of malware samples curated from threat intelligence sources.
  ☆24Updated last year
• realoriginal / blacklotus
  A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
  ☆85Updated last year
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• hwvs / Invoke-GPTObfuscation
  Powershell implementation of a novel technique. Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI (and other APIs) to…
  ☆49Updated 11 months ago
• 0xTriboulet / ZeroTotal
  A collection of source code, binaries, and compilation scripts designed to bypass detection
  ☆25Updated last year
• Chainski / Chainski-Crypter
  Lime Crypter Obfuscator Mod
  ☆25Updated 4 months ago
• hideckies / hermit
  A command and control framework.
  ☆35Updated 3 months ago
• lsecqt / BSides-2024-Malware-Development-101-From-Zero-to-Non-Hero
  ☆24Updated 6 months ago
• SleepTheGod / Windows-Atom-Table-Hijacking
  A privilege escalation vulnerability exists in Windows due to a flaw in the implementation of the Atom Table. An attacker could exploit t…
  ☆26Updated 2 months ago
• mannyfred / SentinelBruh
  Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
  ☆38Updated 4 months ago
• itaymigdal / PichichiH0ll0wer
  Nim process hollowing loader
  ☆47Updated 3 months ago
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆64Updated last year
• zimnyaa / insomnia
  a stage1 DLL loader with sleep obfuscation
  ☆32Updated last year
• EvilBytecode / Shellcode-Loader
  This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.
  ☆51Updated 4 months ago
• FourCoreLabs / TrustedInstallerPOC
  A simple go Proof of Concept to start a new shell as TrustedInstaller
  ☆47Updated last year
• blue0x1 / uac-bypass-oneliners
  Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applicatio…
  ☆85Updated last year
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆79Updated 9 months ago
• frkngksl / UnlinkDLL
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆57Updated 11 months ago