This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built in Sleep() call. Most of the structure e.g. Sleep hook, shellcode exec etc. are taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.
☆36Jan 15, 2022Updated 4 years ago
Alternatives and similar repositories for BusySleepBeacon
Users that are interested in BusySleepBeacon are comparing it to the libraries listed below
Sorting:
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆31Jan 14, 2023Updated 3 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- Create Cobalt Strike malleable C2 profiles with HTTPS configs☆18May 23, 2020Updated 5 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 3 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆282Feb 24, 2025Updated last year
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook☆13May 30, 2024Updated last year
- PoC to self-delete a binary in C#☆36Feb 6, 2024Updated 2 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- Firefox webInjector capable of injecting codes into webpages using a mitmproxy.☆42Oct 30, 2022Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- 横向移动三剑客 ( Lateral movement tools)☆30Nov 16, 2021Updated 4 years ago
- Artemis - C++ Hell's Gate Syscall Implementation☆34Aug 16, 2023Updated 2 years ago
- 看起来叫BabyBypass,实际啥都会记一些☆16Sep 10, 2023Updated 2 years ago
- Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…☆146Aug 16, 2021Updated 4 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- Bringing Shikata ga nai to the front html☆23Apr 28, 2022Updated 3 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆498Feb 3, 2022Updated 4 years ago
- ☆41Jul 10, 2023Updated 2 years ago
- Windows internals and exploitation tricks☆112Nov 9, 2025Updated 4 months ago
- ☆275Jan 14, 2023Updated 3 years ago
- Process injection via native Windows APIs (NTAPIs)☆15Jan 16, 2024Updated 2 years ago
- Aggressor Notification Scripts for cobaltstrike via slack & discord☆14Nov 27, 2025Updated 3 months ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- DUQU MALWARE SOURCE + BINARY + More coming☆13Feb 6, 2023Updated 3 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆13Jul 15, 2023Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- ☆46Dec 5, 2023Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆109May 27, 2021Updated 4 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- A Poc on blocking Procmon from monitoring network events☆111Aug 7, 2025Updated 7 months ago
- Pass the Hash to a named pipe for token Impersonation☆311Nov 29, 2023Updated 2 years ago
- Collection of extracted Microsoft Defender data for security research purposes☆234Jun 23, 2022Updated 3 years ago
- Manually perform syscalls without going through any external API or DLL.☆19Apr 19, 2023Updated 2 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆34Sep 15, 2022Updated 3 years ago
- Self-Loading Registration Free COM Functions☆11Nov 12, 2019Updated 6 years ago
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆178Nov 26, 2021Updated 4 years ago