D3Ext / Hooka
Shellcode loader generator with multiples features
☆227Updated last week
Related projects ⓘ
Alternatives and complementary repositories for Hooka
- shellcode loader for your evasion needs☆272Updated last week
- Go shellcode loader that combines multiple evasion techniques☆353Updated last year
- Collection of UAC Bypass Techniques Weaponized as BOFs☆408Updated 9 months ago
- KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…☆213Updated last year
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆242Updated 4 months ago
- Terminate AV/EDR Processes using kernel driver☆338Updated last year
- Shaco is a linux agent for havoc☆144Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆266Updated 7 months ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆324Updated 11 months ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆302Updated last year
- Some POCs for my BYOVD research and find some vulnerable drivers☆127Updated 2 months ago
- indirect syscalls for AV/EDR evasion in Go assembly☆307Updated last year
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆374Updated 8 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆278Updated last year
- Evasive shellcode loader☆283Updated last month
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆298Updated last year
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆346Updated last year
- AV bypass while you sip your Chai!☆207Updated 6 months ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆225Updated last year
- Bypassing UAC with SSPI Datagram Contexts☆414Updated last year
- transform your payload into ipv4/ipv6/mac arrays☆151Updated 2 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆542Updated 4 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆473Updated last year
- Modules used by the Havoc Framework☆204Updated 5 months ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆244Updated 5 months ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆180Updated 2 months ago
- Execute shellcode files with rundll32☆184Updated 9 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆171Updated 10 months ago