Cracked5pider / unguard-eat
havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
☆22 · Updated last month
Related projects:
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user ☆30 · Updated last month
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆36 · Updated 6 months ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · Updated last year
- API Hammering with C++20 ☆34 · Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 · Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis) ☆22 · Updated 3 months ago
- a demo module for the kaine agent to execute and inject assembly modules ☆33 · Updated 3 weeks ago
- Reimplementation of the KExecDD DSE bypass technique. ☆42 · Updated last week
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆20 · Updated this week
- Command and Control ☆23 · Updated last month
- Hooked create process injection for meterpreter ☆23 · Updated 3 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆34 · Updated 9 months ago
- A direct improvement to remote TLS Injection. ☆15 · Updated 3 months ago
- Just another Process Injection using Process Hollowing technique. ☆16 · Updated last year
- In-memory hiding technique ☆36 · Updated 3 months ago
- Standalone Metasploit-like XOR encoder for shellcode ☆43 · Updated 4 months ago
- RunPE adapted for x64 and written in C, does not use RWX ☆23 · Updated 4 months ago
- using the gpu to hide your payload ☆47 · Updated 2 years ago
- Offensive Assembly code snippets. ☆10 · Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 · Updated 8 months ago
- Windows AppLocker Driver (appid.sys) LPE ☆30 · Updated last month
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆45 · Updated this week
- A pure C version of SymProcAddress ☆23 · Updated 6 months ago
- Sleep Obfuscation ☆39 · Updated last year
- Splitting and executing shellcode across multiple pages ☆98 · Updated last year
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆41 · Updated last year