D1rkMtr / ObfLoader
☆177Updated this week
Related projects: ⓘ
- ☆163Updated this week
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- ☆245Updated this week
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆163Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆137Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆126Updated 2 years ago
- ☆100Updated this week
- Experiment on reproducing Obfuscate & Sleep☆136Updated 3 years ago
- ☆107Updated this week
- ☆99Updated this week
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆225Updated last year
- ☆221Updated this week
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆151Updated last year
- Load a dynamic library from memory by modifying the native Windows loader☆198Updated 11 months ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆134Updated 2 years ago
- Beacon Object File Loader☆270Updated 9 months ago
- You shall pass☆241Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆162Updated last year
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆131Updated last year
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆177Updated 3 months ago
- A PoC implementation for dynamically masking call stacks with timers.☆244Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆109Updated 10 months ago
- Exploitation of echo_driver.sys☆165Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- Beacon Object File (BOF) for remote process injection via thread hijacking☆186Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆164Updated last year
- EDRSandblast-GodFault☆239Updated last year
- miscellaneous scripts and programs☆211Updated last year
- Generic PE loader for fast prototyping evasion techniques☆175Updated 2 months ago
- Exploitation of process killer drivers☆182Updated 11 months ago